VYPR
Medium severity4.3NVD Advisory· Published Aug 28, 2025· Updated Jun 17, 2026

CVE-2025-57759

CVE-2025-57759

Description

Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
contao/core-bundlePackagist
>= 5.3.0, < 5.3.385.3.38
contao/core-bundlePackagist
>= 5.4.0-RC1, < 5.6.15.6.1
contao/contaoPackagist
>= 5.3.0, < 5.3.385.3.38
contao/contaoPackagist
>= 5.4.0-RC1, < 5.6.15.6.1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.