Vulnerability Database

308,820

Total vulnerabilities in the database

CVE-2025-57759

Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.

Published: Aug 28, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-57759
GHSA: GHSA-qqfq-7cpp-hcqj
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
contao / core-bundle	5.3.0	5.3.38
contao / core-bundle	5.4.0-RC1	5.6.1
contao / contao	5.3.0	5.3.38
contao / contao	5.4.0-RC1	5.6.1
contao / contao	5.3.0	5.3.38
contao / contao	5.4.0	5.6.1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo