CVE-2022-36532
Published: 16 September 2022
Summary
CVE-2022-36532 is a high-severity vulnerability in Bolt CMS; the underlying weakness (CWE) is not specified in this record. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 3.7% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Bolt CMS versions 5.1.12 and earlier contain a flaw that permits an authenticated user holding ROLE_EDITOR privileges to upload a file and subsequently rename it, resulting in remote code execution on the server. The issue carries a CVSS 3.1 score of 8.8 with network attack vector, low complexity, and low privileges required.
An attacker who obtains or already possesses ROLE_EDITOR credentials can upload a crafted file under a harmless-looking name, rename it to an extension the web server hands to an interpreter (for a PHP application such as Bolt, .php or a variant), and then request it over HTTP to execute arbitrary code, gaining control of the affected Bolt CMS instance with the privileges of the web server process. Because ROLE_EDITOR is a content-editing role rather than an administrative one (CVSS PR:L), a single compromised or malicious editor account is sufficient.
The supplied references point to bolt.com and a detailed analysis at lutrasecurity.com; the record itself lists no patch version or mitigation steps. Since the affected range is 5.1.12 and earlier, moving to a later Bolt release is the expected remediation. Until that is done, limit ROLE_EDITOR to trusted accounts and configure the web server so that nothing under the upload directory is ever executed as script, which also blunts the same attack shape in other file-manager bugs.
EPSS for the vulnerability rose from a low baseline to a peak of 0.4680 on 2025-12-11 before receding to the current value of 0.2479, indicating a period of heightened predicted exploitation probability well after the original disclosure.
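The control that is missing in this class of bug is a server-side check on the rename target, independent of whatever validation ran at upload time. The following Python is an added example written for this page, not Bolt's own code (Bolt is PHP; the same checks port directly). The extension lists, the file names and the assumption that a single per-segment denylist plus a final-extension allowlist matches the host's interpreter configuration are all constructed for the illustration.

```python
"""Server-side guard for a file-manager "rename" operation.

Added example for this page (not Bolt CMS code). It models the control that
CVE-2022-36532 lacked: an authenticated editor could rename an uploaded file
to a name the web server would execute. Extension lists and sample file names
below are constructed for the illustration.
"""
import posixpath
import unicodedata

# Assumed denylist of extensions a typical PHP host may hand to an interpreter.
# It is a backstop only; the allowlist below makes the final decision.
EXECUTABLE_EXTENSIONS = frozenset({
    "php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps", "pht",
    "cgi", "pl", "py", "sh", "asp", "aspx", "jsp", "jspx",
})
# Names the web server itself reads as configuration.
SERVER_CONFIG_NAMES = frozenset({".htaccess", ".htpasswd", ".user.ini", "web.config"})

# Assumed allowlist of what an editor legitimately stores in the upload tree.
# SVG is deliberately absent: it can carry script and is executed by browsers.
ALLOWED_EXTENSIONS = frozenset({"jpg", "jpeg", "png", "gif", "webp", "pdf", "txt", "md"})


class UnsafeRename(ValueError):
    """Raised when a requested target name must not be written to disk."""


def validate_rename_target(new_name: str, allowed=ALLOWED_EXTENSIONS) -> str:
    """Return the sanitized basename to use, or raise UnsafeRename.

    Checks, in order: NUL bytes, Unicode look-alikes (NFKC folds U+FF0E to '.'),
    path components, trailing dots/spaces, server config names, missing or
    leading-dot extension, any executable segment, final-extension allowlist.
    """
    if not new_name:
        raise UnsafeRename("empty name")
    if "\x00" in new_name:
        raise UnsafeRename("NUL byte in name")
    name = unicodedata.normalize("NFKC", new_name)
    # The rename must stay in the current directory: no separators, no traversal.
    if "\\" in name or name != posixpath.basename(name) or name in (".", ".."):
        raise UnsafeRename("path component in name")
    # Windows/IIS silently drop trailing dots and spaces: "shell.php." is "shell.php".
    name = name.rstrip(". ")
    if not name:
        raise UnsafeRename("name is only dots or spaces")
    lowered = name.lower()
    if lowered in SERVER_CONFIG_NAMES:
        raise UnsafeRename("server configuration filename")
    stem, *exts = lowered.split(".")
    if not stem or not exts:
        raise UnsafeRename("missing extension or leading-dot name")
    # Check every segment, not only the last: with Apache AddHandler-style
    # configuration "shell.php.jpg" can still be executed as PHP.
    for ext in exts:
        if ext in EXECUTABLE_EXTENSIONS:
            raise UnsafeRename(f"executable extension .{ext}")
    if exts[-1] not in allowed:
        raise UnsafeRename(f"extension .{exts[-1]} not in allowlist")
    return name


def is_safe_rename(new_name: str) -> bool:
    """Boolean convenience wrapper around validate_rename_target."""
    try:
        validate_rename_target(new_name)
        return True
    except UnsafeRename:
        return False


if __name__ == "__main__":
    # Constructed rename requests, including the CVE's attack shape:
    # upload "holiday.jpg", then ask the file manager for a new name.
    for candidate in ["holiday.jpg", "holiday.png.", "shell.php", "shell.PhP",
                      "shell.php.jpg", "shell.jpg\x00.php", "../shell.php",
                      "shell\uff0ephp", ".htaccess", "notes.phtml", "README"]:
        try:
            print(f"{candidate!r:28} -> allowed as {validate_rename_target(candidate)!r}")
        except UnsafeRename as exc:
            print(f"{candidate!r:28} -> rejected ({exc})")
```

Two design points matter more than the particular lists. First, the decision is made on the normalized, lowercased name but the original casing is what gets written, so a bypass via `shell.PhP` fails without mangling legitimate names. Second, the allowlist is the real control; the denylist exists only so that a mistakenly broad allowlist still cannot produce a script the interpreter will run. Serving uploads from a directory where script execution is disabled remains the defence in depth behind both.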
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-39240
Vulnerability details
Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.
- CWE(s): none assigned in this record
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.