CVE-2025-61668

CVE-2025-61668 affects Volto (Plone ReactJS frontend). Versions 16.34.0 and earlier; 17.0.0–17.22.1; 18.0.0–18.27.1; and 19.0.0-alpha.1–19.0.0-alpha.5 allow an anonymous user to trigger a NodeJS server crash by visiting a specific URL. Root cause: improper handling of a crafted URL request leadin...

CVE-2025-61668 @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user

Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...