CVE-2025-61668

216.73.217.22

· Published 02/10/2025 22:15 · Modified 02/10/2025 22:15

Labels: CVE-2025-61668 2025-10-02 CVE-2025-61668 CWE-476 [email protected]

Essential information

Published: 02/10/2025 22:15
Modified: 02/10/2025 22:15
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
plone / volto	`cpe:2.3:a:plone:volto:<16.34.0:::::::*`
plone / volto	`cpe:2.3:a:plone:volto:17.0.0-17.22.1:::::::*`
plone / volto	`cpe:2.3:a:plone:volto:18.0.0-18.27.1:::::::*`
plone / volto	`cpe:2.3:a:plone:volto:19.0.0-alpha.1-19.0.0-alpha.5:::::::*`