CVE-2025-57758

Source
https://cve.org/CVERecord?id=CVE-2025-57758
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57758.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-57758
Aliases
Published
2025-08-28T16:32:38.664Z
Modified
2026-04-10T05:31:10.258147Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Contao has improper access control in the back end voters
Details

Contao is an open source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check whether a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. As a workaround, do not rely solely on the voter; additionally check USER_CAN_ACCESS_MODULE.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57758.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-284"
    ]
}
References

Affected packages

Git / github.com/contao/contao

Affected ranges

Type
GIT
Repo
https://github.com/contao/contao
Events
Database specific
{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.3.38"
        }
    ]
}
Type
GIT
Repo
https://github.com/contao/contao
Events
Database specific
{
    "versions": [
        {
            "introduced": "5.4.0-RC1"
        },
        {
            "fixed": "5.6.1"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57758.json"