CVE-2025-57759

Опубликовано: 28 авг. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.

Ссылки

https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields
Vendor Advisory
https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f
Patch
https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*

Версия от 5.3.0 (включая) до 5.3.38 (исключая)

cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*

Версия от 5.4.0 (включая) до 5.6.1 (исключая)

EPSS

Процентиль: 12%

0.00039

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-269

Связанные уязвимости

GHSA-qqfq-7cpp-hcqj