High severity · OSV Advisory · Published Oct 2, 2025 · Updated Apr 15, 2026
CVE-2025-61668
Description
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error by visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @plone/volto (npm) | < 16.34.1 | 16.34.1 |
| @plone/volto (npm) | >= 17.0.0, < 17.22.2 | 17.22.2 |
| @plone/volto (npm) | >= 18.0.0, < 18.27.2 | 18.27.2 |
| @plone/volto (npm) | >= 19.0.0-alpha.1, < 19.0.0-alpha.6 | 19.0.0-alpha.6 |
Affected products
- Range: 17.0.0, 17.0.1, 17.1.0, …
References
- github.com/advisories/GHSA-m8rj-ppph-mj33 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-61668 (ghsa, ADVISORY)
- github.com/plone/volto/releases/tag/18.27.2 (nvd, WEB)
- github.com/plone/volto/commit/58d9f82d2d50ca9a87edbe16fed91762e57c109c (nvd, WEB)
- github.com/plone/volto/pull/7412 (nvd, WEB)
- github.com/plone/volto/pull/7413 (nvd, WEB)
- github.com/plone/volto/releases/tag/16.34.1 (nvd, WEB)
- github.com/plone/volto/releases/tag/17.22.2 (nvd, WEB)
- github.com/plone/volto/releases/tag/19.0.0-alpha.6 (nvd, WEB)
- github.com/plone/volto/security/advisories/GHSA-m8rj-ppph-mj33 (nvd, WEB)