Home > Vulnerability Database > CVE-2025-57759

Mend.io Vulnerability Database

CVE-2025-57759

Good to know:

Date: August 28, 2025

Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.

Severity Score

4.3

Related Resources (6)

Url: https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields

Url: https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-57759

Url: https://github.com/contao/contao

Url: https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj

Url: https://www.mend.io/vulnerability-database/CVE-2025-57759

Severity Score

4.3

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version https://github.com/contao/contao.git - 5.3.38;https://github.com/contao/contao.git - 5.6.1

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-57759

Good to know:

Date: August 28, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?