Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N/A

Source -

N/A

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
0Vulnerabilities found
CVE-2025-35112
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-5.1||MEDIUM
EPSS-Not Assigned
Published-26 Aug, 2025 | 22:19
Updated-26 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agiloft XML external entity local path traversal

Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31.

Action-Not Available
Vendor-Agiloft
Product-Agiloft
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2025-35115
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-9.2||CRITICAL
EPSS-Not Assigned
Published-26 Aug, 2025 | 22:18
Updated-26 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agiloft insecure download of system packages

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.

Action-Not Available
Vendor-Agiloft
Product-Agiloft
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2025-35114
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 22:18
Updated-26 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agiloft local privilege escalation via default credentials

Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.

Action-Not Available
Vendor-Agiloft
Product-Agiloft
CWE ID-CWE-1392
Use of Default Credentials
CVE-2025-35113
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-4.8||MEDIUM
EPSS-Not Assigned
Published-26 Aug, 2025 | 22:17
Updated-26 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agiloft improper neutralization in EUI template engine

Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.

Action-Not Available
Vendor-Agiloft
Product-Agiloft
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine