Description

Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.

INFO

Published Date :

2025-08-28T17:10:58.381Z

Last Modified :

2025-11-04T21:13:20.996Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58047 vulnerability.

Vendors Products
Plone
  • Volto
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58047.

URL Resource
http://www.openwall.com/lists/oss-security/2025/08/28/3 cve-icon
https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a cve-icon cve-icon
https://github.com/plone/volto/releases/tag/16.34.0 cve-icon cve-icon
https://github.com/plone/volto/releases/tag/17.22.1 cve-icon cve-icon
https://github.com/plone/volto/releases/tag/18.24.0 cve-icon cve-icon
https://github.com/plone/volto/releases/tag/19.0.0-alpha.4 cve-icon cve-icon
https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact