Vulnerability Database
296,108
Total vulnerabilities in the database
CVE-2025-57758
Impact
The table access voter in the back end doesn't check if a user is allowed to access the corresponding module.
Patches
Update to Contao 5.3.38 or 5.6.1.
Workarounds
Do not rely solely on the voter and additionally check USER_CAN_ACCESS_MODULE.
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.
| Software | From | Fixed in |
|---|---|---|
contao / core-bundle
|
5.0.0 | 5.3.38 |
|
contao / core-bundle
|
5.4.0-RC1 | 5.6.1 |
|
contao / contao
|
5.0.0 | 5.3.38 |
|
contao / contao
|
5.4.0-RC1 | 5.6.1 |