Vulnerability Details CVE-2025-35112
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.9%
CVSS Severity
CVSS v3 Score 4.1
References