GHSA-qqfq-7cpp-hcqj

Source

https://github.com/advisories/GHSA-qqfq-7cpp-hcqj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-qqfq-7cpp-hcqj/GHSA-qqfq-7cpp-hcqj.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-qqfq-7cpp-hcqj

Aliases

CVE-2025-57759

Published

2025-08-28T14:58:22Z

Modified

2025-08-28T19:30:00.142992Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Contao does not properly manage privileges for page and article fields

Details

Impact

Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions.

Patches

Update to Contao 5.3.38 or 5.6.1.

Workarounds

None.

For more information

If you have any questions or comments about this advisory, open an issue in contao/contao.

Database specific

{
    "nvd_published_at": "2025-08-28T17:15:36Z",
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-28T14:58:22Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-269"
    ]
}

References

Affected packages

Packagist / contao/core-bundle

Package

Name: contao/core-bundle
Purl: pkg:composer/contao/core-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.3.0

Fixed

5.3.38

Affected versions

5.*

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.3.10

5.3.11

5.3.12

5.3.13

5.3.14

5.3.15

5.3.16

5.3.17

5.3.18

5.3.19

5.3.20

5.3.21

5.3.22

5.3.23

5.3.24

5.3.25

5.3.26

5.3.27

5.3.28

5.3.29

5.3.30

5.3.31

5.3.32

5.3.33

5.3.34

5.3.35

5.3.36

5.3.37

Packagist / contao/core-bundle

Package

Name: contao/core-bundle
Purl: pkg:composer/contao/core-bundle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.4.0-RC1

Fixed

5.6.1

Affected versions

5.*

5.4.0-RC1

5.4.0-RC2

5.4.0-RC3

5.4.0-RC4

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.4.8

5.4.9

5.4.10

5.4.11

5.4.12

5.4.13

5.4.14

5.5.0-RC1

5.5.0-RC2

5.5.0-RC3

5.5.0-RC4

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

5.5.10

5.5.11

5.5.12

5.5.13

5.5.14

5.5.15

5.5.16

5.6.0-RC1

5.6.0-RC2

5.6.0-RC3

5.6.0

Packagist / contao/contao

Package

Name: contao/contao
Purl: pkg:composer/contao/contao

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.3.0

Fixed

5.3.38

Affected versions

5.*

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.3.10

5.3.11

5.3.12

5.3.13

5.3.14

5.3.15

5.3.16

5.3.17

5.3.18

5.3.19

5.3.20

5.3.21

5.3.22

5.3.23

5.3.24

5.3.25

5.3.26

5.3.27

5.3.28

5.3.29

5.3.30

5.3.31

5.3.32

5.3.33

5.3.34

5.3.35

5.3.36

5.3.37

Packagist / contao/contao

Package

Name: contao/contao
Purl: pkg:composer/contao/contao

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.4.0-RC1

Fixed

5.6.1

Affected versions

5.*

5.4.0-RC1

5.4.0-RC2

5.4.0-RC3

5.4.0-RC4

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.4.8

5.4.9

5.4.10

5.4.11

5.4.12

5.4.13

5.4.14

5.5.0-RC1

5.5.0-RC2

5.5.0-RC3

5.5.0-RC4

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

5.5.10

5.5.11

5.5.12

5.5.13

5.5.14

5.5.15

5.5.16

5.6.0-RC1

5.6.0-RC2

5.6.0-RC3

5.6.0