Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2025-57811

You must have administrator access, and ALLOW_ADMIN_CHANGES must be enabled for this to work.

https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production

Note: This is a follow-up to GHSA-f3cw-hg6r-chfv

Users should update to the patched versions (4.16.6 and 5.8.7) to mitigate the issue.

References: https://github.com/craftcms/cms/pull/17612

Published: Aug 25, 2025
Updated: Aug 26, 2025
CVE: CVE-2025-57811
GHSA: GHSA-crcq-738g-pqvc
Severity: Medium
Exploit:

No technical information available.

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
craftcms / cms	4.0.0-RC1	4.16.6
craftcms / cms	5.0.0-RC1	5.8.7