CVE-2025-57757

Опубликовано: 28 авг. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.

Ссылки

https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
Vendor Advisory
https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
Patch
https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*

Версия от 5.3.0 (включая) до 5.3.38 (исключая)

cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*

Версия от 5.4.0 (включая) до 5.6.1 (исключая)

EPSS

Процентиль: 13%

0.00042

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-w53m-gxvg-vx7p