CVE-2025-61668: @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
When visiting a specific URL, an anonymous user could cause the Node.js server part of Volto to quit with an error.
References
- github.com/advisories/GHSA-m8rj-ppph-mj33
- github.com/plone/volto
- github.com/plone/volto/commit/58d9f82d2d50ca9a87edbe16fed91762e57c109c
- github.com/plone/volto/pull/7412
- github.com/plone/volto/pull/7413
- github.com/plone/volto/releases/tag/16.34.1
- github.com/plone/volto/releases/tag/17.22.2
- github.com/plone/volto/releases/tag/19.0.0-alpha.6
- github.com/plone/volto/security/advisories/GHSA-m8rj-ppph-mj33
- nvd.nist.gov/vuln/detail/CVE-2025-61668