Browse all 4 CVE security advisories affecting Agiloft. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Agiloft provides contract lifecycle management and enterprise automation platforms, serving as configurable workflow systems for legal, sales, and compliance teams. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. While no major public security incidents have been widely documented, the four CVEs on record highlight persistent risks in areas like authentication bypass and insecure direct object references. Organizations implementing Agiloft should prioritize regular security assessments and patch management to mitigate potential exploitation of these recurring vulnerability classes in their workflow automation environments.
| CVE ID | Title | Vendor | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-35112 | Agiloft XML external entity local path traversal | Agiloft | CWE-611 | 4.1 | Medium | 2025-08-26 |
| CVE-2025-35115 | Agiloft insecure download of system packages | Agiloft | CWE-494 | 8.1 | High | 2025-08-26 |
| CVE-2025-35114 | Agiloft local privilege escalation via default credentials | Agiloft | CWE-1392 | 7.5 | High | 2025-08-26 |
| CVE-2025-35113 | Agiloft improper neutralization in EUI template engine | Agiloft | CWE-1336 | 5.9 | Medium | 2025-08-26 |
This page lists every published CVE security advisory associated with Agiloft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.