Home

Description

Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.

PUBLISHED Reserved 2025-08-19 | Published 2025-08-28 | Updated 2025-08-28 | Assigner GitHub_M




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-269: Improper Privilege Management

Product status

>= 5.3.0, < 5.3.38
affected

>= 5.4.0-RC1, < 5.6.1
affected

References

github.com/...contao/security/advisories/GHSA-qqfq-7cpp-hcqj

github.com/...ommit/80ee7db12d55ad979d9b1b180f273d4e2668851f

contao.org/...ivilege-management-for-page-and-article-fields

cve.org (CVE-2025-57759)

nvd.nist.gov (CVE-2025-57759)

Download JSON