Insecure Temporary File

CVE-2025-25599

Medium

6.5/10

Summary

Bolt is an open-source Content Management System. In Bolt it was discovered that temporary files are used insecurely when uploading an "avatar" from a URL, leading to Arbitrary File Disclosure. This issue affects bolt/core package versions prior to 5.1.25, and 5.2.x prior to 5.2.2.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-377 - Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

References

Advisory
Pull request
Release Note
POC/Exploit

Advisory Timeline

Published Mar 11, 2025

Insecure Temporary File

CVE-2025-25599

Summary

CWE-377 - Insecure Temporary File

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS