
We found results for “”
CVE-2025-61668
Good to know:


Date: October 2, 2025
Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6.
Severity Score
Related Resources (11)
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version @plone/volto - 16.34.1;@plone/volto - 17.22.2;@plone/volto - 18.27.2;@plone/volto - 19.0.0-alpha.6
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |