plone volto up to 16.33.x/17.22.0/18.23.x/19.0.0-alpha.3 exceptional condition

Summaryinfo

A vulnerability was found in plone volto up to 16.33.x/17.22.0/18.23.x/19.0.0-alpha.3. It has been rated as problematic. This vulnerability affects unknown code. The manipulation leads to exceptional condition. This vulnerability is uniquely identified as CVE-2025-58047. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in plone volto up to 16.33.x/17.22.0/18.23.x/19.0.0-alpha.3. This issue affects an unknown function. The manipulation with an unknown input leads to a exceptional condition vulnerability. Using CWE to declare the problem leads to CWE-755. The product does not handle or incorrectly handles an exceptional condition. Impacted is availability. The summary by CVE is:

Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.

The advisory is shared at github.com. The identification of this vulnerability is CVE-2025-58047 since 08/22/2025. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available.

Upgrading to version 16.34.0, 17.22.1, 18.24.0 or 19.0.0-alpha.4 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 2789a287ac45ad9039fb9161d465ba13241fff0a is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Content Management System

Vendor

• plone

Name

• volto

Version

• 16.0
• 16.1
• 16.2
• 16.3
• 16.4
• 16.5
• 16.6
• 16.7
• 16.8
• 16.9
• 16.10
• 16.11
• 16.12
• 16.13
• 16.14
• 16.15
• 16.16
• 16.17
• 16.18
• 16.19
• 16.20
• 16.21
• 16.22
• 16.23
• 16.24
• 16.25
• 16.26
• 16.27
• 16.28
• 16.29
• 16.30
• 16.31
• 16.32
• 16.33
• 17.0
• 17.1
• 17.2
• 17.3
• 17.4
• 17.5
• 17.6
• 17.7
• 17.8
• 17.9
• 17.10
• 17.11
• 17.12
• 17.13
• 17.14
• 17.15
• 17.16
• 17.17
• 17.18
• 17.19
• 17.20
• 17.21
• 17.22.0
• 18.0
• 18.1
• 18.2
• 18.3
• 18.4
• 18.5
• 18.6
• 18.7
• 18.8
• 18.9
• 18.10
• 18.11
• 18.12
• 18.13
• 18.14
• 18.15
• 18.16
• 18.17
• 18.18
• 18.19
• 18.20
• 18.21
• 18.22
• 18.23
• 19.0.0-alpha.0
• 19.0.0-alpha.1
• 19.0.0-alpha.2
• 19.0.0-alpha.3

License

• open-source

Website

• Product: https://github.com/plone/volto/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion