Home > Vulnerability Database > CVE-2025-57758

Mend.io Vulnerability Database

CVE-2025-57758

Good to know:

Date: August 28, 2025

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE.

Severity Score

4.3

Related Resources (6)

Url: https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v

Url: https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-57758

Url: https://github.com/contao/contao

Url: https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7

Url: https://www.mend.io/vulnerability-database/CVE-2025-57758

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version contao/core-bundle - 5.3.38;contao/core-bundle - 5.6.1;contao/contao - 5.3.38;contao/contao - 5.6.1;https://github.com/contao/contao.git - 5.3.38;https://github.com/contao/contao.git - 5.6.1

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-57758

Good to know:

Date: August 28, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?