CVE-2025-34086

Name: CVE-2025-34086
Creator: NVD / NIST
Published: 2025-07-03T20:15:22.683+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 2.15%

Last modified Jun 17, 2026

CVE-2025-34086 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. EPSS estimates a 2.15% chance of exploitation in the next 30 days.

Description

Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file. NOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

7.5/10

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

2.15%

79.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Boltcms	Bolt	<= 3.7.0

References

https://boltcms.io/newsitem/major-announcements-bolt-3-eol-bolt-4-2-5-0-releasesRelease Notes
https://github.com/bolt/boltProduct
https://github.com/bolt/bolt/releases/tag/3.7.1Release Notes
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/bolt_authenticated_rce.rbExploit
https://www.exploit-db.com/exploits/48296Exploit, VDB Entry
https://www.rapid7.com/db/modules/exploit/unix/webapp/bolt_authenticated_rce/Exploit, Third Party Advisory

Timeline

Published: Jul 3, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-34086?

How severe is CVE-2025-34086?

CVE-2025-34086 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.15% probability of exploitation in the next 30 days.

How do I fix CVE-2025-34086?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-34086?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST