Volto is a React-based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the Node.js server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, set up your deployment to automatically restart processes that quit with an error.
History
Sun, 31 Aug 2025 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Plone, Plone volto | |
Vendors & Products | Plone, Plone volto | |
Thu, 28 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Thu, 28 Aug 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Volto is a React-based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the Node.js server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, set up your deployment to automatically restart processes that quit with an error. | |
Title | Volto affected by possible DoS by invoking specific URL by anonymous user | |
Weaknesses | CWE-755 | |
References | | |
Metrics | cvssV3_1 | |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-08-28T18:35:51.922Z
Reserved: 2025-08-22T14:30:32.221Z
Link: CVE-2025-58047

Updated: 2025-08-28T18:35:49.393Z

Status : Awaiting Analysis
Published: 2025-08-28T18:15:33.277
Modified: 2025-08-29T16:24:29.730
Link: CVE-2025-58047


Updated: 2025-08-31T08:41:43Z