PT-2025-35112 · Volto

Published 2025-08-28 · Updated 2025-10-06 · CVE-2025-58047

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Volto 19.0.0-alpha.1 up to, but not including, 19.0.0-alpha.4
Volto 18.0.0 up to, but not including, 18.24.0
Volto 17.0.0 up to, but not including, 17.22.1
Volto prior to 16.34.0
Description Volto, the React-based frontend for the Plone Content Management System, is susceptible to a denial-of-service (DoS) condition. An anonymous (unauthenticated) user can cause the Node.js server component of Volto to terminate by requesting a specially crafted URL: the request raises an error that the server does not handle, and the whole process exits, so a single request denies service to every client until the process is restarted. Reports indicate that approximately 76.5K potentially vulnerable services are discoverable online.
Recommendations Upgrade to the fixed release for the branch in use:

Volto 16.x: upgrade to 16.34.0 or later.
Volto 17.x: upgrade to 17.22.1 or later.
Volto 18.x: upgrade to 18.24.0 or later.
Volto 19.0.0 alpha: upgrade to 19.0.0-alpha.4 or later.

Until the upgrade is applied, run the Node.js process under a supervisor that restarts it automatically when it exits on error, so that each crash causes only a short outage. This limits the impact but does not remove the vulnerability: an attacker can simply repeat the request.

Tags: Exploit · Fix · DoS

Weakness Enumeration

Improper Handling of Exceptional Conditions (CWE-755)

Related Identifiers

CVE-2025-58047
GHSA-XJHF-7833-3PM5

Affected Products

Plone
Volto