CVE-2025-57758

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-57758

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-57758.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-57758

Aliases

GHSA-7m47-r75r-cx8v

Published

2025-08-28T17:15:36Z

Modified

2025-08-29T04:50:43.683669Z

Summary

[none]

Details

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USERCANACCESS_MODULE.

References

Affected packages

Git / github.com/contao/contao

Affected ranges

Type: GIT
Repo: https://github.com/contao/contao
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3f05c603e1c94d34819f837f060df5d66447d0d7

Affected versions

4.*

4.10.0

4.10.0-RC1

4.10.0-RC2

4.10.0-RC3

4.10.0-RC4

4.10.1

4.10.2

4.10.3

4.10.4

4.10.5

4.10.6

4.10.7

4.11.0

4.11.0-RC1

4.11.0-RC2

4.11.1

4.11.2

4.11.3

4.11.4

4.11.5

4.11.6

4.11.7

4.11.8

4.11.9

4.12.0

4.12.0-RC1

4.12.0-RC2

4.12.0-RC3

4.12.1

4.12.2

4.12.3

4.12.4

4.12.5

4.12.6

4.12.7

4.13.0

4.13.0-RC1

4.13.0-RC2

4.13.0-RC3

4.13.1

4.13.10

4.13.11

4.13.12

4.13.13

4.13.14

4.13.15

4.13.16

4.13.17

4.13.18

4.13.19

4.13.2

4.13.20

4.13.21

4.13.22

4.13.23

4.13.24

4.13.25

4.13.26

4.13.27

4.13.28

4.13.29

4.13.3

4.13.30

4.13.31

4.13.32

4.13.33

4.13.34

4.13.35

4.13.36

4.13.37

4.13.38

4.13.39

4.13.4

4.13.40

4.13.41

4.13.42

4.13.43

4.13.44

4.13.45

4.13.46

4.13.47

4.13.48

4.13.49

4.13.5

4.13.6

4.13.7

4.13.8

4.13.9

4.4.22

4.4.23

4.4.24

4.4.25

4.4.26

4.4.27

4.4.28

4.4.29

4.4.30

4.4.31

4.4.32

4.4.33

4.4.34

4.4.35

4.4.36

4.4.37

4.4.38

4.4.39

4.4.40

4.4.41

4.4.42

4.4.43

4.4.44

4.4.45

4.4.46

4.4.47

4.4.48

4.4.49

4.4.50

4.4.51

4.4.52

4.4.53

4.4.54

4.4.55

4.5.13

4.5.14

4.6.0

4.6.1

4.6.10

4.6.11

4.6.12

4.6.13

4.6.14

4.6.2

4.6.3

4.6.4

4.6.5

4.6.6

4.6.7

4.6.8

4.6.9

4.7.0

4.7.0-RC1

4.7.0-RC2

4.7.0-RC3

4.7.0-RC4

4.7.1

4.7.2

4.7.3

4.7.4

4.7.5

4.7.6

4.7.7

4.8.0

4.8.0-RC1

4.8.0-RC2

4.8.1

4.8.2

4.8.3

4.8.4

4.8.5

4.8.6

4.8.7

4.8.8

4.9.0

4.9.0-RC1

4.9.0-RC2

4.9.1

4.9.10

4.9.11

4.9.12

4.9.13

4.9.14

4.9.15

4.9.16

4.9.17

4.9.18

4.9.19

4.9.2

4.9.20

4.9.21

4.9.22

4.9.23

4.9.24

4.9.25

4.9.26

4.9.27

4.9.28

4.9.29

4.9.3

4.9.30

4.9.31

4.9.32

4.9.33

4.9.34

4.9.35

4.9.36

4.9.37

4.9.38

4.9.39

4.9.4

4.9.40

4.9.41

4.9.5

4.9.6

4.9.7

4.9.8

4.9.9

5.*

5.0.0

5.0.0-RC1

5.0.0-RC2

5.0.0-RC3

5.0.0-RC4

5.0.1

5.0.10

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.1.0

5.1.0-RC1

5.1.0-RC2

5.1.0-RC3

5.1.1

5.1.10

5.1.11

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.1.8

5.1.9

5.2.0

5.2.0-RC1

5.2.0-RC2

5.2.0-RC3

5.2.0-RC4

5.2.0-RC5

5.2.0-RC6

5.2.1

5.2.10

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.7

5.2.8

5.2.9

5.3.0

5.3.0-RC1

5.3.0-RC2

5.3.0-RC3

5.3.0-RC4

5.3.1

5.3.10

5.3.11

5.3.12

5.3.13

5.3.14

5.3.15

5.3.16

5.3.17

5.3.18

5.3.19

5.3.2

5.3.20

5.3.21

5.3.22

5.3.23

5.3.24

5.3.25

5.3.26

5.3.27

5.3.28

5.3.29

5.3.3

5.3.30

5.3.31

5.3.32

5.3.33

5.3.34

5.3.35

5.3.36

5.3.37

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9