CVE-2025-57757
BaseFortify
Publication date: 2025-08-28
Last updated on: 2025-09-02
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| contao | contao | From 5.3.0 (inc) to 5.3.38 (exc) |
| contao | contao | From 5.4.0 (inc) to 5.6.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-212 | The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Contao CMS occurs when a news feed includes protected news archives, but the news items within these archives are not properly filtered. As a result, these protected news items become publicly accessible through the RSS feed, exposing information that should be restricted. The issue affects Contao versions from 5.0.0 up to versions prior to 5.3.38 and 5.6.1. The root cause is that the system does not check user permissions correctly when generating the news feed, allowing unauthorized access to protected content. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of protected news items via the RSS feed, potentially exposing sensitive or restricted information to the public. Since the news items from protected archives are not filtered properly, anyone accessing the RSS feed can view content that should be restricted, which may result in information leakage and privacy concerns. The vulnerability has a moderate severity with a CVSS score of 5.3 and can be exploited remotely without any privileges or user interaction. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the RSS feeds generated by the Contao CMS news module to see if news items from protected news archives are publicly accessible. Specifically, you can fetch the RSS feed URL and check if it contains news items that should be protected. For example, using a command like `curl -s <RSS_FEED_URL> | grep '<item>'` to list news items in the feed and verify if any belong to protected archives. Additionally, reviewing the Contao version in use can help identify if it is vulnerable (versions from 5.0.0 up to 5.3.37, all 5.4 and 5.5, and 5.6 up to 5.6.0 are affected). [1, 2]
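The two checks described in that answer, as an added example that is not part of the BaseFortify page or of the Contao project: a version-range test against the affected ranges listed in the "Affected Vendors & Products" table above (5.3.0 up to but excluding 5.3.38, and 5.4.0 up to but excluding 5.6.1), and a parser that walks the `<item>` entries of a site's own RSS feed and flags any whose link falls under a path the site operator knows belongs to a protected archive. The feed XML and the `/news/members/` path prefix are constructed for the example; an operator would substitute the output of the `curl` call above and their own protected-archive URLs.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Affected ranges taken from the page's "Affected Vendors & Products" table,
# expressed as [lower, upper) version tuples.
AFFECTED_RANGES = [
    ((5, 3, 0), (5, 3, 38)),
    ((5, 4, 0), (5, 6, 1)),
]


def parse_version(version):
    """Turn a 'major.minor.patch' string into a comparable integer tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the installed Contao version lies in one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


# Constructed sample feed (not captured from any real site). One item sits
# under a path that the operator treats as a protected archive.
SAMPLE_FEED = """<rss version="2.0"><channel>
<title>Site news</title>
<item><title>Public release notes</title>
<link>https://example.test/news/public/release-notes.html</link></item>
<item><title>Members-only briefing</title>
<link>https://example.test/news/members/briefing.html</link></item>
</channel></rss>"""

# Hypothetical: URL path prefixes the operator knows map to protected archives.
PROTECTED_PATH_PREFIXES = ["/news/members/"]


def feed_items(xml_text):
    """Return (title, link) pairs for every <item> in an RSS 2.0 document.

    ElementTree is used here for a self-contained example; for feeds from
    hosts you do not control, prefer a hardened parser such as defusedxml.
    """
    root = ET.fromstring(xml_text)
    return [
        (item.findtext("title", default=""), item.findtext("link", default=""))
        for item in root.iter("item")
    ]


def leaked_items(xml_text, protected_prefixes):
    """Items in the public feed whose link path belongs to a protected archive."""
    leaks = []
    for title, link in feed_items(xml_text):
        path = urlparse(link).path
        if any(path.startswith(prefix) for prefix in protected_prefixes):
            leaks.append((title, link))
    return leaks


if __name__ == "__main__":
    for v in ("5.3.37", "5.3.38", "5.5.2", "5.6.1"):
        print(f"Contao {v}: {'affected' if is_affected(v) else 'not affected'}")
    for title, link in leaked_items(SAMPLE_FEED, PROTECTED_PATH_PREFIXES):
        print(f"protected item exposed in feed: {title} ({link})")
```

Run against a real installation by piping the feed fetched with `curl` into `leaked_items` and by passing the version reported by the Contao back end to `is_affected`; a non-empty result from `leaked_items` on an affected version is the condition the workaround in the next answer is meant to remove.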
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation steps are to upgrade Contao CMS to version 5.3.38 or 5.6.1 where the vulnerability is patched. If upgrading is not immediately possible, as a temporary workaround, avoid adding protected news archives to the news feed pages to prevent their news items from being publicly exposed in the RSS feed. [1, 2]