CVE-2025-34086 | Bolt CMS up to 3.7.0 .sessions displayname code injection

A vulnerability has been found in Bolt CMS up to 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /async/browse/cache/.sessions. The manipulation of the argument displayname leads to code injection. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability was named CVE-2025-34086. The attack can be initiated remotely. There is no exploit available.VulDB Recent EntriesRead More