CVE-2025-61668
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-06
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| plone | volto | 16.34.0 |
| plone | volto | 17.0.0 |
| plone | volto | 18.0.0 |
| plone | volto | 19.0.0-alpha.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
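The two CWEs above describe one pattern: a request handler does not check for an unexpected condition and then reads a property of the missing result. The following is an added, constructed illustration of that pattern in a Node.js request handler; it is not Volto's code and does not reproduce the specific URL behind CVE-2025-61668. The route table, the handler names and the simulated request traffic are all assumptions made for the example.

```javascript
// Added illustration of the CWE-754 / CWE-476 pattern, not Volto's own code.
// In a Node.js server, an exception that escapes a request handler becomes an
// uncaught exception, which terminates the process for every client: one
// crafted request ends service for all of them.

// Constructed route table standing in for a CMS's content lookup.
const ROUTES = new Map([
  ['/', { title: 'Home' }],
  ['/news', { title: 'News' }],
]);

// Vulnerable form: no check for the unexpected case (unknown path), so
// `page` is undefined and reading `page.title` throws a TypeError.
function renderUnguarded(path) {
  const page = ROUTES.get(path);
  return { status: 200, body: `<h1>${page.title}</h1>` };
}

// Hardened form: the unexpected case is handled as an ordinary outcome (404),
// and a final catch turns any other handler bug into a 500 instead of a crash.
function renderGuarded(path) {
  try {
    const page = ROUTES.get(path);
    if (page === undefined) return { status: 404, body: 'Not found' };
    return { status: 200, body: `<h1>${page.title}</h1>` };
  } catch (err) {
    return { status: 500, body: 'Internal error' };
  }
}

// Minimal stand-in for a server loop: serves requests in order and stops at
// the first exception that escapes the handler, as a crashed process would.
function serveAll(handler, paths) {
  const served = [];
  for (const path of paths) {
    try {
      served.push({ path, ...handler(path) });
    } catch (err) {
      return { served, crashedOn: path, error: err.constructor.name };
    }
  }
  return { served, crashedOn: null, error: null };
}

// Constructed traffic: a normal request, a crafted one, then another normal one.
const REQUESTS = ['/', '/does-not-exist', '/news'];
console.log(JSON.stringify(serveAll(renderUnguarded, REQUESTS)));
console.log(JSON.stringify(serveAll(renderGuarded, REQUESTS)));
```

With the unguarded handler the loop stops at the second request and the third is never served; with the guarded one all three are answered and the crafted request gets a 404. In an asynchronous handler the try/catch has to live inside the async function (or be routed through the framework's error middleware), since a rejected promise is not caught by a try/catch around the call, and an unhandled rejection is fatal by default in current Node.js releases.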
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Volto, the frontend for the Plone CMS. In the affected versions listed above, an anonymous (unauthenticated) user can crash Volto's Node.js server process by requesting a specific URL, which results in a denial of service. The CWE entries above (an unchecked unusual condition leading to a null dereference) describe the weakness class.
How can this vulnerability impact me?
The Volto Node.js server exits unexpectedly when it receives the request, so the site becomes unavailable until the process is restarted. Because the request needs no authentication it can simply be repeated, so restarting the process (by hand or through a process manager) does not resolve the issue; only the upgrade does.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Volto to the fixed release for the major line you run: 16.34.1 (16.x), 17.22.2 (17.x), 18.27.2 (18.x), or 19.0.0-alpha.6 (19.0.0 alpha).
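One way to check an installed copy against the fixed versions, as an added example that is not Plone's or BaseFortify's code. It assumes that on each major line the affected range runs from the version listed in the table above up to, but not including, the fixed release named here, and it reads the installed version from the package.json of the installed package (for example node_modules/@plone/volto/package.json); the sample package.json and the function names are constructed for the example.

```javascript
// Added example, not Volto's or BaseFortify's code.
// Assumption: on each major line, versions from the advisory table's listed
// version up to (excluding) the fixed release are affected.
const FIRST_AFFECTED = { 16: '16.34.0', 17: '17.0.0', 18: '18.0.0', 19: '19.0.0-alpha.1' };
const FIXED_IN      = { 16: '16.34.1', 17: '17.22.2', 18: '18.27.2', 19: '19.0.0-alpha.6' };

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" (optional leading "v").
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split('.') : null };
}

// SemVer precedence: numeric core first; a prerelease ranks below the plain
// release; prerelease identifiers compare one by one, numerically when both
// are numeric. This matters here: 19.0.0-alpha.10 is newer than 19.0.0-alpha.6,
// which a plain string comparison gets wrong.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] < pb.core[i] ? -1 : 1;
  }
  if (pa.pre === null && pb.pre === null) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  const n = Math.max(pa.pre.length, pb.pre.length);
  for (let i = 0; i < n; i++) {
    const x = pa.pre[i], y = pb.pre[i];
    if (x === undefined) return -1; // fewer identifiers sorts first
    if (y === undefined) return 1;
    const xNum = /^\d+$/.test(x), yNum = /^\d+$/.test(y);
    if (xNum && yNum) {
      if (Number(x) !== Number(y)) return Number(x) < Number(y) ? -1 : 1;
    } else if (xNum !== yNum) {
      return xNum ? -1 : 1; // numeric identifiers rank below alphanumeric ones
    } else if (x !== y) {
      return x < y ? -1 : 1;
    }
  }
  return 0;
}

// true = affected, false = at or past the fix, null = major line not covered
// by this advisory's table (no claim either way).
function isAffected(installed) {
  const major = parseVersion(installed).core[0];
  if (!(major in FIRST_AFFECTED)) return null;
  return compareVersions(installed, FIRST_AFFECTED[major]) >= 0 &&
         compareVersions(installed, FIXED_IN[major]) < 0;
}

// Audit the contents of the installed package's package.json (the copy under
// node_modules/@plone/volto, which carries an exact version, not a range).
function auditVoltoPackage(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  if (pkg.name !== '@plone/volto') throw new Error(`not @plone/volto: ${pkg.name}`);
  const major = parseVersion(pkg.version).core[0];
  return { version: pkg.version, affected: isAffected(pkg.version), fixedIn: FIXED_IN[major] ?? null };
}

// Constructed sample of node_modules/@plone/volto/package.json.
const SAMPLE = JSON.stringify({ name: '@plone/volto', version: '18.20.0' });
console.log(auditVoltoPackage(SAMPLE)); // { version: '18.20.0', affected: true, fixedIn: '18.27.2' }
```

Run it against the installed package's package.json rather than the dependency range in your project's own package.json, since the range says nothing about what was actually resolved; a lockfile entry for @plone/volto would serve equally well as input.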