CVE-2025-65960

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-65960
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-65960.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-65960
Aliases
Published
2025-11-25T18:54:48.897Z
Modified
2025-11-28T02:34:36.782342Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Contao is vulnerable to remote code execution in template closures
Details

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\Template::once() method.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65960.json",
    "cwe_ids": [
        "CWE-351"
    ]
}
References

Affected packages

Git / github.com/contao/contao

Affected ranges

Type
GIT
Repo
https://github.com/contao/contao
Events
Introduced
84b2fe637d5ead531f117f26b48d1b9de8df4074
Fixed
4dc65d395b4c62e0b1f6dbd86f4b5948610f64a5
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.13.57"
        }
    ]
}
Type
GIT
Repo
https://github.com/contao/contao
Events
Introduced
d42d220274c313eff0f0b25d1e1725b8aae0353a
Fixed
85d5af6d350d9a72822fc3793c7ab692bb8191e6
Database specific 
{
    "versions": [
        {
            "introduced": "5.0.0-RC1"
        },
        {
            "fixed": "5.3.42"
        }
    ]
}
Type
GIT
Repo
https://github.com/contao/contao
Events
Introduced
c5e3841e5107ab36ae2bf7795fb8d51d3d30f88b
Fixed
760f3a8e29ff7b26d3f8c06617eb51dd5559ceac
Database specific 
{
    "versions": [
        {
            "introduced": "5.4.0-RC1"
        },
        {
            "fixed": "5.6.5"
        }
    ]
}

Affected versions

4.*

4.13.10
4.13.11
4.13.12
4.13.13
4.13.14
4.13.15
4.13.16
4.13.17
4.13.18
4.13.19
4.13.20
4.13.21
4.13.22
4.13.23
4.13.24
4.13.25
4.13.26
4.13.27
4.13.28
4.13.29
4.13.30
4.13.31
4.13.32
4.13.33
4.13.34
4.13.35
4.13.36
4.13.37
4.13.38
4.13.39
4.13.40
4.13.41
4.13.42
4.13.43
4.13.44
4.13.45
4.13.46
4.13.47
4.13.48
4.13.49
4.13.7
4.13.8
4.13.9
4.9.32
4.9.33
4.9.34
4.9.35
4.9.36
4.9.37
4.9.38
4.9.39
4.9.40
4.9.41

5.*

5.0.0
5.0.0-RC1
5.0.0-RC2
5.0.0-RC3
5.0.0-RC4
5.0.1
5.0.10
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.1.0
5.1.0-RC1
5.1.0-RC2
5.1.0-RC3
5.1.1
5.1.10
5.1.11
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8
5.1.9
5.2.0
5.2.0-RC1
5.2.0-RC2
5.2.0-RC3
5.2.0-RC4
5.2.0-RC5
5.2.0-RC6
5.2.1
5.2.10
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9
5.3.0
5.3.0-RC1
5.3.0-RC2
5.3.0-RC3
5.3.0-RC4
5.3.1
5.3.10
5.3.11
5.3.12
5.3.13
5.3.14
5.3.15
5.3.16
5.3.17
5.3.18
5.3.19
5.3.2
5.3.20
5.3.21
5.3.22
5.3.23
5.3.24
5.3.25
5.3.26
5.3.27
5.3.28
5.3.29
5.3.3
5.3.30
5.3.31
5.3.32
5.3.33
5.3.34
5.3.35
5.3.36
5.3.37
5.3.38
5.3.39
5.3.4
5.3.40
5.3.41
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.4.0
5.4.0-RC1
5.4.0-RC2
5.4.0-RC3
5.4.0-RC4
5.4.1
5.4.10
5.4.11
5.4.12
5.4.13
5.4.14
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.4.8
5.4.9
5.5.0
5.5.0-RC1
5.5.0-RC2
5.5.0-RC3
5.5.0-RC4
5.5.1
5.5.10
5.5.11
5.5.12
5.5.13
5.5.14
5.5.15
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.6.0
5.6.0-RC1
5.6.0-RC2
5.6.0-RC3
5.6.1
5.6.2
5.6.3
5.6.4