AI description
CVE-2025-58047 affects Volto, a React-based frontend for the Plone Content Management System (CMS). The vulnerability exists in versions prior to 16.34.0, as well as in versions 17.0.0 before 17.22.1, 18.0.0 before 18.24.0, and 19.0.0-alpha.1 before 19.0.0-alpha.4. An anonymous user can cause the NodeJS server component of Volto to crash by visiting a specific URL. This is possible due to improper handling of exceptional conditions. The vulnerability can be exploited by crafting a specific URL that, when visited, triggers an error that causes the NodeJS server process to terminate. This results in a denial-of-service (DoS) condition. Patches are available in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4.
- Description: Volto is a React-based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have your setup automatically restart processes that quit with an error.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- security-advisories@github.com
- CWE-755
- Hype score
- Not currently trending
⚠️⚠️ CVE-2025-58047: A Single URL Can Crash Your Website: Critical DoS Flaw 🎯29k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link: https://t.co/Jq13DEfLG2 FOFA Query:app="Plone" 🔖Refer:https://t.co/JlfVapviiX #OSINT #FOFA #CyberSecurity #V
@fofabot
2 Sept 2025
⚠️ Threat Alert: CVE-2025-58047 🛠️ Affected: Volto CMS (Plone) 💣 Exploit: DoS via crafted URL 📊 76.5K+ vulnerable services #OSINT #CVE #CyberThreat https://t.co/QJZl1YYzVz
@hina_tani94796
1 Sept 2025
🚨Alert🚨CVE-2025-58047: A Single URL Can Crash Your Website: Critical DoS Flaw Found in Volto CMS 📊76.5K+Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/DIvIGUpMPs 👇Query HUNTER : https://t.co/q9rtuGfZuz="Plone" https://t.co/uoAa
@HunterMapping
1 Sept 2025
The Plone Zope Security Team has disclosed a DoS vulnerability (CVE-2025-58047) in Volto, the ReactJS-based frontend for the Plone CMS. The CVSS score is 7.5, which is classified as high severity.
@yousukezan
31 Aug 2025
CVE-2025-58047 Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to… https://t.co/6Tp5Xbriwd
@CVEnew
28 Aug 2025