CVE-2025-58047
HIGHDescription
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.
Is your site exposed to CVE-2025-58047?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-58047? +
How severe is CVE-2025-58047? +
How do I check if I'm vulnerable to CVE-2025-58047? +
Related Vulnerabilities
A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests …
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS …
A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, …
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability …
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. …
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as …