We found results for “”
CVE-2025-61668
Good to know:
Date: October 2, 2025
Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6.
Severity Score
Related Resources (11)
Severity Score
Weakness Type (CWE)
Top Fix
Upgrade Version
Upgrade to version @plone/volto - 16.34.1;@plone/volto - 17.22.2;@plone/volto - 18.27.2;@plone/volto - 19.0.0-alpha.6
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |
Vulnerabilities
Projects
Contact Us


