CVE-2025-57759 — MEDIUM (4.3)

Q: How severe is CVE-2025-57759?

CVE-2025-57759 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-57759?

Check the references section above for vendor advisories and patch information. Affected products include: Contao Contao.

Vulnerability Description

Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Contao	Contao	>= 5.3.0, < 5.3.38

Related Weaknesses (CWE)

CWE-269

References

https://contao.org/en/security-advisories/improper-privilege-management-for-pageVendor Advisory
https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851fPatch
https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqjPatchThird Party Advisory

FAQ

What is CVE-2025-57759?

CVE-2025-57759 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having th...

How severe is CVE-2025-57759?

CVE-2025-57759 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-57759?

Check the references section above for vendor advisories and patch information. Affected products include: Contao Contao.