CVE-2025-35113

Agiloft improper neutralization in EUI template engine

CVSS 4.8 MEDIUMEPSS 0.4%CWE-1336

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

26 ago 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

Produtos afetados

Agiloft · Agiloft

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-239-01.json https://wiki.agiloft.com/display/HELP/What%27s+New%3A+CVE+Resolution https://www.cve.org/CVERecord?id=CVE-2025-35113