PT-2025-40309 · Volto · Volto
Published
2025-10-01
·
Updated
2025-10-03
·
CVE-2025-61668
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Volto versions 16.34.0 through 16.34.1
Volto versions 17.0.0 through 17.22.1
Volto versions 18.0.0 through 18.27.1
Volto versions 19.0.0-alpha.1 through 19.0.0-alpha.5
Description
An unauthenticated (anonymous) user can crash the Node.js server-side rendering process of Volto by requesting a specific URL, taking the frontend offline until the process is restarted. The underlying weakness is an unchecked exceptional condition that ends in a null/undefined dereference (the advisory classifies it as Improper Check for Exceptional Conditions and NULL Pointer Dereference), not memory corruption, so the impact is limited to availability; the CVSS vector reflects this: reachable over the network, no privileges or user interaction required, high availability impact, no confidentiality or integrity impact. No in-the-wild exploitation is known, and the number of affected installations has not been established.
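To make the weakness class concrete, the following is an added illustration written for this page; it is not Volto's code and does not reproduce the actual trigger URL, which the advisory does not disclose. The LOCALES table, the path-segment routing and all function names are invented for the example. It shows the unchecked lookup that throws on unexpected input beside the checked version that turns the same input into an ordinary 404, and why a throw in deferred work kills the process rather than producing a 500.

```javascript
"use strict";
// Added illustration of an unchecked exceptional condition becoming an
// undefined dereference in a Node.js request handler. Hypothetical code:
// NOT Volto's code and NOT the real CVE-2025-61668 trigger.

// Constructed per-locale settings table standing in for server-side config.
const LOCALES = { en: { dir: "ltr" }, ar: { dir: "rtl" } };

function firstSegment(pathname) {
  // "/en/page" -> "en"; "/" -> ""; "/xx" -> "xx"
  return pathname.split("/")[1];
}

// Vulnerable: trusts that the first path segment is a known locale.
// For "/xx/page" LOCALES["xx"] is undefined and `.dir` throws a TypeError.
// For "/__proto__/page" the lookup hits Object.prototype, so it does not
// throw but renders dir="undefined": a second symptom of the same missing check.
function renderUnchecked(pathname) {
  const locale = LOCALES[firstSegment(pathname)];
  return `<html lang="${firstSegment(pathname)}" dir="${locale.dir}">`;
}

// Hardened: the exceptional case (unknown key, or a key inherited from the
// prototype) is checked first and answered with an HTTP error, not an exception.
function renderChecked(pathname) {
  const key = firstSegment(pathname);
  if (!Object.prototype.hasOwnProperty.call(LOCALES, key)) {
    return { status: 404, body: "unknown locale" };
  }
  return { status: 200, body: `<html lang="${key}" dir="${LOCALES[key].dir}">` };
}

// Synchronous core of the outcome model: a renderer that returns is a normal
// response; a renderer that throws is reported as the process exit that an
// uncaught exception causes. The try/catch exists only so the example can
// report the outcome instead of actually exiting.
function classify(render, pathname) {
  try {
    const r = render(pathname);
    return typeof r === "string" ? 200 : r.status;
  } catch (e) {
    return `process would exit: ${e.constructor.name}`;
  }
}

// Models what separates a 500 from a dead process. A throw on the request
// handler's own stack is normally converted to a 500 by the web framework; a
// throw inside a callback that runs later (data loading, deferred rendering)
// is not on that stack, and Node.js terminates on an uncaught exception
// unless something catches it there. setImmediate is the stand-in for that
// later callback.
function requestOutcome(render, pathname) {
  return new Promise((resolve) => {
    setImmediate(() => resolve(classify(render, pathname)));
  });
}

if (typeof require !== "undefined" && require.main === module) {
  (async () => {
    for (const p of ["/en/page", "/xx/page", "/", "/__proto__/page"]) {
      console.log(p, "unchecked:", await requestOutcome(renderUnchecked, p),
                  "| checked:", await requestOutcome(renderChecked, p));
    }
  })();
}
```

The `hasOwnProperty` check matters in JavaScript specifically: a plain `LOCALES[key]` truthiness test would reject `"xx"` but accept `"__proto__"`, since the object literal inherits that key, so the guard must test own keys, not just "not undefined".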
Recommendations
Volto 16: upgrade to 16.34.1. Note that the affected range above lists 16.34.1 as both affected and fixed; confirm the exact 16.x boundary against the upstream Volto release notes before relying on it.
Volto 17: upgrade to 17.22.2.
Volto 18: upgrade to 18.27.2.
Volto 19 alpha: upgrade to 19.0.0-alpha.6.
Until the upgrade is applied, run the Volto Node.js process under a supervisor (for example systemd or pm2) that restarts it on abnormal exit. This shortens each outage but does not prevent it: the request needs no privileges or user interaction, so anyone who can reach the server can repeat the crash. Treat the restart as a stopgap, not a fix.
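As an added example of the restart mitigation (not from the advisory or from the Volto project), a systemd unit with the default setting that leaves the site down beside the settings that bring it back; the unit name, user, working directory and start command are assumptions for the example.

```ini
# /etc/systemd/system/volto.service  (hypothetical unit; user, paths and
# start command are assumed, adjust to your deployment)
[Unit]
Description=Volto frontend (Node.js SSR)
After=network.target
# Caveat: systemd gives up restarting a unit that fails more than
# StartLimitBurst times within StartLimitIntervalSec (defaults: 5 in 10 s).
# A remote trigger repeated faster than that leaves the site down anyway,
# so widen the limit for this stopgap, and still upgrade.
StartLimitIntervalSec=60
StartLimitBurst=20

[Service]
User=plone
WorkingDirectory=/opt/volto
ExecStart=/usr/bin/env node build/server.js
# Weak (the default): after an uncaught exception the process stays dead.
# Restart=no
# Mitigation: restart on any abnormal exit, with a short back-off.
Restart=on-failure
RestartSec=2

[Install]
WantedBy=multi-user.target
```

After installing the unit, `systemctl daemon-reload && systemctl enable --now volto` activates it; `journalctl -u volto` shows each crash and restart, which is also the simplest way to spot the trigger being hit repeatedly.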
Exploit
Fix
DoS
Improper Check for Exceptional Conditions
NULL Pointer Dereference
Affected Products
Volto