
We found results for “”
CVE-2025-57756
Good to know:

Date: August 28, 2025
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version contao/contao - 4.13.56;contao/contao - 5.3.38;contao/contao - 5.6.1;contao/core-bundle - 4.13.56;contao/core-bundle - 5.3.38;contao/core-bundle - 5.6.1;https://github.com/contao/contao.git - 4.13.56;https://github.com/contao/contao.git - 5.3.38;https://github.com/contao/contao.git - 5.6.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |