{"id":"CVE-2025-58047","summary":"Volto affected by possible DoS by invoking specific URL by anonymous user","details":"Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, set up your deployment to automatically restart processes that quit with an error.","aliases":["GHSA-xjhf-7833-3pm5"],"modified":"2026-04-10T05:31:14.787494Z","published":"2025-08-28T17:10:58.381Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58047.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-755"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/08/28/3"},{"type":"WEB","url":"https://github.com/plone/volto/releases/tag/16.34.0"},{"type":"WEB","url":"https://github.com/plone/volto/releases/tag/17.22.1"},{"type":"WEB","url":"https://github.com/plone/volto/releases/tag/18.24.0"},{"type":"WEB","url":"https://github.com/plone/volto/releases/tag/19.0.0-alpha.4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58047.json"},{"type":"ADVISORY","url":"https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58047"},{"type":"FIX","url":"https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/plone/volto","events":[{"introduced":"0"},{"fixed":"bf1a7ceacf234f222052d5c5a5a210aa3630d187"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"16.34.0"}]}},{"type":"GIT","repo":"https://github.com/plone/volto","events"
:[{"introduced":"05da2b2f4703083159332cacddc60715a82c0d51"},{"fixed":"31702f552aa6d9a9d52543d711b634738426e279"}],"database_specific":{"versions":[{"introduced":"17.0.0"},{"fixed":"17.22.1"}]}},{"type":"GIT","repo":"https://github.com/plone/volto","events":[{"introduced":"92e50ee11c2150485298a95c0498af85f4396f32"},{"fixed":"7591fff2e732febcb404b540956578f991333bd6"}],"database_specific":{"versions":[{"introduced":"18.0.0"},{"fixed":"18.24.0"}]}},{"type":"GIT","repo":"https://github.com/plone/volto","events":[{"introduced":"c207e1ea1336e639fc08fe6525f91bdc1f237b46"},{"fixed":"3214ae4d331b017abc4620b02dfa18ea88ecdd61"}],"database_specific":{"versions":[{"introduced":"19.0.0-alpha.1"},{"fixed":"19.0.0-alpha.4"}]}}],"versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.5.0","0.6.0","0.7.0","0.8.0","0.8.1","0.8.2","0.8.3","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","1.0.0","1.1.0","1.10.0","1.2.0","1.2.1","1.3.0","1.4.0","1.5.0","1.5.1","1.5.2","1.6.0","1.6.1","1.7.0","1.8.0","1.8.1","1.8.2","1.8.3","1.9.0","10.0.0","10.1.0","10.10.0","10.2.0","10.3.0","10.4.0","10.4.1","10.4.2","10.4.3","10.5.0","10.6.0","10.6.1","10.7.0","10.8.0","10.9.0","10.9.1","10.9.2","11.0.0","11.1.0","12.0.0","12.0.0-alpha.0","12.1.0","12.1.1","12.1.2","12.10.0","12.10.1","12.11.0","12.12.0","12.13.0","12.14.0","12.2.0","12.3.0","12.4.0","12.4.1","12.4.2","12.5.0","12.6.0","12.6.1","12.7.0","12.8.0","12.9.0","13.0.0","13.0.0-alpha.0","13.0.0-alpha.1","13.0.0-alpha.10","13.0.0-alpha.2","13.0.0-alpha.3","13.0.0-alpha.4","13.0.0-alpha.5","13.0.0-alpha.6","13.0.0-alpha.7","13.0.0-alpha.8","13.0.0-alpha.9","13.0.1","13.0.2","13.1.0","13.1.1","13.1.2","13.10.0","13.11.0","13.12.0","13.13.0","13.14.0","13.15.0","13.2.0","13.2.1","13.2.2","13.3.0","13.3.1","13.4.0","13.5.0","13.6.0","13.7.0","13.8.0","13.8.1","13.8.2","13.8.3","13.9.0","14.0.0","14.0.0-alpha.0","14.0.0-alpha.1","14.0.0-alpha.10","14.0.0-alpha.11","14.0.0-alpha.12","14.0.0-alpha.13","14.0.0-alpha.14","14.0.0-alpha.15","14.0.0-alpha.16","14.
0.0-alpha.17","14.0.0-alpha.18","14.0.0-alpha.19","14.0.0-alpha.2","14.0.0-alpha.20","14.0.0-alpha.21","14.0.0-alpha.22","14.0.0-alpha.23","14.0.0-alpha.24","14.0.0-alpha.25","14.0.0-alpha.26","14.0.0-alpha.27","14.0.0-alpha.28","14.0.0-alpha.29","14.0.0-alpha.3","14.0.0-alpha.30","14.0.0-alpha.31","14.0.0-alpha.32","14.0.0-alpha.33","14.0.0-alpha.34","14.0.0-alpha.35","14.0.0-alpha.36","14.0.0-alpha.37","14.0.0-alpha.38","14.0.0-alpha.39","14.0.0-alpha.4","14.0.0-alpha.40","14.0.0-alpha.41","14.0.0-alpha.42","14.0.0-alpha.5","14.0.0-alpha.6","14.0.0-alpha.7","14.0.0-alpha.8","14.0.0-alpha.9","14.0.1","14.0.2","14.1.0","14.1.1","14.10.0","14.2.0","14.2.1","14.2.2","14.2.3","14.3.0","14.4.0","14.5.0","14.6.0","14.7.0","14.7.1","14.8.0","14.8.1","14.9.0","15.0.0","15.0.0-alpha.0","15.0.0-alpha.1","15.0.0-alpha.10","15.0.0-alpha.11","15.0.0-alpha.12","15.0.0-alpha.13","15.0.0-alpha.14","15.0.0-alpha.2","15.0.0-alpha.3","15.0.0-alpha.4","15.0.0-alpha.5","15.0.0-alpha.6","15.0.0-alpha.7","15.0.0-alpha.8","15.0.0-alpha.9","15.1.0","15.1.1","15.1.2","15.2.0","15.2.1","15.2.2","15.2.3","15.3.0","15.4.0","15.4.1","15.5.0","15.6.0","15.6.1","15.7.0","15.8.0","16.0.0","16.0.0-alpha.0","16.0.0-alpha.1","16.0.0-alpha.10","16.0.0-alpha.11","16.0.0-alpha.12","16.0.0-alpha.13","16.0.0-alpha.14","16.0.0-alpha.15","16.0.0-alpha.16","16.0.0-alpha.17","16.0.0-alpha.18","16.0.0-alpha.19","16.0.0-alpha.2","16.0.0-alpha.20","16.0.0-alpha.21","16.0.0-alpha.22","16.0.0-alpha.23","16.0.0-alpha.24","16.0.0-alpha.25","16.0.0-alpha.26","16.0.0-alpha.27","16.0.0-alpha.28","16.0.0-alpha.29","16.0.0-alpha.3","16.0.0-alpha.30","16.0.0-alpha.31","16.0.0-alpha.32","16.0.0-alpha.33","16.0.0-alpha.34","16.0.0-alpha.35","16.0.0-alpha.36","16.0.0-alpha.37","16.0.0-alpha.38","16.0.0-alpha.39","16.0.0-alpha.4","16.0.0-alpha.40","16.0.0-alpha.41","16.0.0-alpha.42","16.0.0-alpha.43","16.0.0-alpha.44","16.0.0-alpha.45","16.0.0-alpha.46","16.0.0-alpha.47","16.0.0-alpha.48","16.0.0-alpha.49","16.0.0-alpha.5","1
6.0.0-alpha.50","16.0.0-alpha.51","16.0.0-alpha.52","16.0.0-alpha.53","16.0.0-alpha.6","16.0.0-alpha.7","16.0.0-alpha.8","16.0.0-alpha.9","16.0.0-rc.1","16.0.0-rc.2","16.0.0-rc.3","16.1.0","16.10.0","16.11.0","16.12.0","16.13.0","16.14.0","16.15.0","16.16.0","16.17.0","16.17.1","16.18.0","16.19.0","16.2.0","16.20.0","16.20.1","16.20.2","16.20.3","16.20.4","16.20.5","16.20.6","16.20.7","16.20.8","16.21.0","16.21.1","16.21.2","16.21.3","16.22.0","16.22.1","16.22.2","16.23.0","16.24.0","16.25.0","16.26.0","16.26.1","16.27.0","16.28.0","16.28.1","16.29.0","16.3.0","16.30.0","16.30.1","16.30.2","16.30.3","16.31.0","16.31.1","16.31.10","16.31.11","16.31.12","16.31.2","16.31.3","16.31.4","16.31.5","16.31.6","16.31.7","16.31.8","16.31.9","16.32.0","16.32.1","16.33.0","16.4.0","16.4.1","16.5.0","16.6.0","16.7.0","16.8.0","16.8.1","16.9.0","17.0.0","17.0.1","17.1.0","17.1.1","17.10.0","17.11.0","17.11.1","17.11.2","17.11.3","17.11.4","17.11.5","17.12.0","17.12.1","17.13.0","17.14.0","17.15.0","17.15.1","17.15.2","17.15.3","17.15.4","17.15.5","17.15.6","17.16.0","17.16.1","17.16.2","17.17.0","17.18.0","17.18.1","17.18.2","17.19.0","17.2.0","17.20.0","17.20.1","17.20.2","17.20.3","17.20.4","17.21.0","17.22.0","17.3.0","17.4.0","17.5.0","17.6.0","17.6.1","17.7.0","17.8.0","17.9.0","18.0.0","18.0.1","18.0.2","18.0.3","18.1.0","18.1.1","18.1.2","18.10.0","18.10.1","18.11.0","18.11.1","18.12.0","18.12.1","18.13.0","18.14.0","18.14.1","18.15.0","18.15.1","18.16.0","18.17.0","18.18.0","18.19.0","18.2.0","18.2.1","18.2.2","18.2.3","18.20.0","18.21.0","18.22.0","18.23.0","18.3.0","18.4.0","18.5.0","18.6.0","18.7.0","18.8.0","18.8.1","18.8.2","18.9.0","18.9.1","18.9.2","19.0.0-alpha.1","19.0.0-alpha.2","19.0.0-alpha.3","2.0.0","2.1.0","2.1.1","2.1.2","2.1.3","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.1.0","4.0.0","4.0.0-alpha.0","4.0.0-alpha.1","4.0.0-alpha.10","4.0.0-alpha.11","4.0.0-alpha.12","4.0.0-alpha.18","4.0.0-alpha.19","4.0.0-alpha.2","4.0.0-alpha.20","4.0.0-alpha.21","4.0.0-al
pha.22","4.0.0-alpha.23","4.0.0-alpha.25","4.0.0-alpha.26","4.0.0-alpha.27","4.0.0-alpha.28","4.0.0-alpha.29","4.0.0-alpha.3","4.0.0-alpha.30","4.0.0-alpha.31","4.0.0-alpha.32","4.0.0-alpha.33","4.0.0-alpha.34","4.0.0-alpha.35","4.0.0-alpha.36","4.0.0-alpha.37","4.0.0-alpha.38","4.0.0-alpha.39","4.0.0-alpha.4","4.0.0-alpha.40","4.0.0-alpha.41","4.0.0-alpha.42","4.0.0-alpha.43","4.0.0-alpha.5","4.0.0-alpha.6","4.0.0-alpha.7","4.0.0-alpha.8","4.0.0-alpha.9","4.0.1","4.1.0","4.1.1","4.1.2","4.2.0","4.3.0","4.4.0","4.5.0","4.6.0","5.0.0","5.0.1","5.1.0","5.10.0","5.2.0","5.2.1","5.3.0","5.4.0","5.5.0","5.6.0","5.6.1","5.7.0","5.7.1","5.8.0","5.9.0","5.9.1","6.0.0","6.1.0","6.3.0","6.4.0","6.4.1","6.5.0","7.0.0","7.0.1","7.1.0","7.1.1","7.10.0","7.11.0","7.11.1","7.11.2","7.11.3","7.12.0","7.12.1","7.13.0","7.14.0","7.14.1","7.14.2","7.15.0","7.2.0","7.2.1","7.3.0","7.3.1","7.4.0","7.5.0","7.5.1","7.6.0","7.7.0","7.7.1","7.7.2","7.8.0","7.8.1","7.8.2","7.8.3","7.9.0","7.9.1","7.9.2","8.0.0","8.0.1","8.1.0","8.1.1","8.10.0","8.10.1","8.2.0","8.2.1","8.2.2","8.2.3","8.2.4","8.2.5","8.2.6","8.3.0","8.4.0","8.5.0","8.5.0-alpha.0","8.5.0-alpha.1","8.5.0-alpha.2","8.5.1","8.5.2","8.5.3","8.5.4","8.6.0","8.7.0","8.7.1","8.8.0","8.8.1","8.9.0","8.9.1","8.9.2","9.0.0","9.1.0","9.2.0","generator-volto-2.2.0","generator-volto-2.3.0","generator-volto-2.4.0","generator-volto-3.0.0-alpha.0","generator-volto-4.0.0","generator-volto-4.0.0-alpha.0","generator-volto-4.0.0-alpha.1","generator-volto-4.0.1","generator-volto-4.1.0","generator-volto-4.2.0","generator-volto-4.3.0","generator-volto-4.3.1","generator-volto-5.0.0","generator-volto-5.0.0-alpha.0","generator-volto-5.0.0-alpha.1","generator-volto-5.0.0-alpha.2","generator-volto-5.0.1","generator-volto-5.0.2","generator-volto-5.1.0","generator-volto-5.2.0","generator-volto-5.3.0","generator-volto-5.4.0","generator-volto-5.5.0","generator-volto-5.5.1","generator-volto-5.6.0","generator-volto-5.6.1","generator-volto-5.6.2","generator-vo
lto-5.6.3","generator-volto-5.7.0","generator-volto-5.8.0","generator-volto-5.9.0","generator-volto-5.9.1","generator-volto-5.9.2","generator-volto-5.9.3","generator-volto-6.0.0-alpha.0","generator-volto-6.0.0-alpha.1","generator-volto-6.0.0-alpha.2","generator-volto-6.0.0-alpha.3","generator-volto-6.4.0","generator-volto-6.4.1","generator-volto-7.0.0","generator-volto-7.0.1","generator-volto-8.1.0","generator-volto-8.1.1","generator-volto-8.1.2","generator-volto-8.1.3","generator-volto-8.1.4","generator-volto-9.0.0","generator-volto-9.0.1","plone-blocks-1.0.0-alpha.2","plone-blocks-1.0.0-alpha.3","plone-client-1.0.0-alpha.20","plone-client-1.0.0-alpha.21","plone-client-1.0.0-alpha.22","plone-client-1.0.0-alpha.23","plone-components-2.1.0","plone-components-2.1.1","plone-components-2.2.0","plone-components-2.2.1","plone-components-3.0.0","plone-components-3.0.1","plone-components-3.0.2","plone-helpers-1.0.0","plone-helpers-1.0.1","plone-helpers-1.0.2","plone-providers-1.0.0-alpha.4","plone-providers-1.0.0-alpha.5","plone-providers-1.0.0-alpha.6","plone-providers-1.0.0-alpha.7","plone-providers-1.0.0-alpha.8","plone-react-router-1.0.0","plone-react-router-1.0.1","plone-registry-2.1.0","plone-registry-2.1.1","plone-registry-2.1.2","plone-registry-2.2.0","plone-registry-2.3.0","plone-registry-2.4.0","plone-registry-2.4.1","plone-registry-2.5.0","plone-registry-2.5.1","plone-registry-2.5.2","plone-registry-2.5.3","plone-registry-2.5.4","plone-registry-3.0.0-alpha.4","plone-scripts-1.0.0","plone-scripts-1.0.1","plone-scripts-1.0.2","plone-scripts-1.0.3","plone-scripts-1.1.0","plone-scripts-1.2.0","plone-scripts-1.3.0","plone-scripts-1.4.0","plone-scripts-1.4.1","plone-scripts-1.5.0","plone-scripts-1.6.0","plone-scripts-2.0.0","plone-scripts-2.1.0","plone-scripts-2.1.1","plone-scripts-2.1.2","plone-scripts-3.0.1","plone-scripts-3.10.0","plone-scripts-3.10.1","plone-scripts-3.8.0","plone-scripts-3.8.1","plone-scripts-3.8.2","plone-scripts-3.9.0","plone-slate-18.0.0","plone
-slate-18.0.1","plone-slate-18.0.2","plone-slate-18.0.3","plone-slate-18.0.4","plone-slate-18.1.0","plone-slate-18.2.0","plone-slate-18.2.1","plone-slate-18.2.2","plone-slate-18.2.3","plone-slate-18.3.0","plone-slate-18.3.1","plone-slate-18.4.0","plone-slate-18.5.0","plone-slate-19.0.0-alpha.1","plone-slate-19.0.0-alpha.2","plone-slate-19.0.0-alpha.3","plone-slots-1.0.0-alpha.0","plone-slots-1.0.0-alpha.1","plone-theming-1.0.0-alpha.0","plone-types-1.1.0","plone-types-1.2.0","plone-types-1.3.0","plone-types-1.3.1","plone-types-1.3.2","plone-types-1.3.3","plone-types-1.4.0","plone-types-1.4.1","plone-types-1.4.2","plone-types-1.4.3","plone-types-1.4.4","plone-types-1.4.5","plone-types-2.0.0-alpha.4","plone-volto-testing-1.0.0","plone-volto-testing-2.0.0","plone-volto-testing-2.0.1","plone-volto-testing-4.0.0","plone-volto-testing-5.0.0-alpha.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58047.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}