Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-58047

HIGH
Published 2025-08-28T17:10:58.381Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-58047. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Description

Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

plone

volto

Affected Versions:

< 16.34.0 >= 17.0.0, < 17.22.1 >= 18.0.0, < 18.24.0 >= 19.0.0-alpha.1, < 19.0.0-alpha.4

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.

Affected Products (ENISA)

plone
volto

ENISA Scoring

CVSS Score (3.1)

7.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.070
probability

ENISA References

https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5
https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a
https://github.com/plone/volto/releases/tag/16.34.0
https://github.com/plone/volto/releases/tag/17.22.1
https://github.com/plone/volto/releases/tag/18.24.0
https://github.com/plone/volto/releases/tag/19.0.0-alpha.4

Data provided by ENISA EU Vulnerability Database. Last updated: August 28, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Volto affected by possible DoS by invoking specific URL by anonymous user

GHSA-xjhf-7833-3pm5

Advisory Details

### Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. ### Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your respective current major version: - Volto 16: [16.34.0](https://github.com/plone/volto/releases/tag/16.34.0) - Volto 17: [17.22.1](https://github.com/plone/volto/releases/tag/17.22.1) - Volto 18: [18.24.0](https://github.com/plone/volto/releases/tag/18.24.0) - Volto 19: [19.0.0-alpha4](https://github.com/plone/volto/releases/tag/19.0.0-alpha.4) ### Workarounds Make sure your setup automatically restarts processes that quit with an error. This won't prevent a crash, but it minimises downtime. ### Report The problem was discovered by FHNW, a client of Plone provider kitconcept, who shared it with the Plone Zope Security Team ([email protected]).

Affected Packages

npm @plone/volto
ECOSYSTEM: ≥0 <16.34.0
npm @plone/volto
ECOSYSTEM: ≥17.0.0 <17.22.1
npm @plone/volto
ECOSYSTEM: ≥18.0.0 <18.24.0
npm @plone/volto
ECOSYSTEM: ≥19.0.0-alpha.1 <19.0.0-alpha.4

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

WEB https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-58047
WEB https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a
PACKAGE https://github.com/plone/volto
WEB https://github.com/plone/volto/releases/tag/16.34.0
WEB https://github.com/plone/volto/releases/tag/17.22.1
WEB https://github.com/plone/volto/releases/tag/18.24.0
WEB https://github.com/plone/volto/releases/tag/19.0.0-alpha.4

Advisory provided by GitHub Security Advisory Database. Published: August 28, 2025, Modified: August 28, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

1 post
Reddit 1 week ago
crstux
Exploit

🔥 Top 10 Trending CVEs (02/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-4609](https://nvd.nist.gov/vuln/detail/CVE-2025-4609)** - 📝 Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a …

Also mentions: CVE-2025-55177 CVE-2025-9478 CVE-2025-57819 CVE-2025-4609 CVE-2025-43300 CVE-2025-8088 CVE-2024-7206 CVE-2024-7205 CVE-2018-13374
2
2.0
View Original High Risk

References

https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5
https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a
https://github.com/plone/volto/releases/tag/16.34.0
https://github.com/plone/volto/releases/tag/17.22.1
https://github.com/plone/volto/releases/tag/18.24.0
https://github.com/plone/volto/releases/tag/19.0.0-alpha.4
Published: 2025-08-28T17:10:58.381Z
Last Modified: 2025-08-28T18:35:51.922Z
Copied to clipboard!