Primary

Context

Agiloft Remote Code Execution Vulnerability via EUI Template Injection

Vulnerability

A remote code execution vulnerability has been identified in Agiloft Release 28. The issue arises from improper neutralization of special elements in the EUI template engine, allowing authenticated attackers to execute arbitrary code by loading a specially crafted payload. This vulnerability affects users with administrative permissions who can import and edit EUI templates.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server, with the executed code running in the context of the application.

Remediation

Users are advised to upgrade to Agiloft Release 31, which addresses this vulnerability by implementing safeguards that prevent unauthorized code execution through templates.

Added: Aug 26, 2025, 11:19 PM

Updated: Aug 26, 2025, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Agiloft Remote Code Execution Vulnerability via EUI Template Injection

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating