CVE-2025-58047: Volto affected by possible DoS by invoking specific URL by anonymous user
When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error.
References
- github.com/advisories/GHSA-xjhf-7833-3pm5
- github.com/plone/volto
- github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a
- github.com/plone/volto/releases/tag/16.34.0
- github.com/plone/volto/releases/tag/17.22.1
- github.com/plone/volto/releases/tag/18.24.0
- github.com/plone/volto/releases/tag/19.0.0-alpha.4
- github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5
- nvd.nist.gov/vuln/detail/CVE-2025-58047