CVE-2025-57758
BaseFortify
Publication date: 2025-08-28
Last updated on: 2025-09-02
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| contao | contao | From 5.3.0 (inc) to 5.3.38 (exc) |
| contao | contao | From 5.4.0 (inc) to 5.6.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57758 is an improper access control vulnerability (CWE-284) in the Contao CMS back end. The Contao back end uses two separate permission layers: a per-module permission (USER_CAN_ACCESS_MODULE, i.e. whether the user may open a given back-end module at all) and a table access voter that decides whether the user may perform a create, read, update or delete action on a data container table. The table access voter did not verify that the user was authorized to access the module the table belongs to, so a low-privileged back-end user could act on tables of modules that were never enabled for their account. Per the affected-product table above, this affects Contao 5.3.0 through 5.3.37 and 5.4.0 through 5.6.0; it is fixed in 5.3.38 and 5.6.1. As a workaround for unpatched installations, do not rely on the voter alone but also check the USER_CAN_ACCESS_MODULE permission for the corresponding module. [1, 2, 3]
How can this vulnerability impact me?
An authenticated back-end user with low privileges can reach back-end modules, and modify the data behind them, that should not have been available to that account. This is primarily a loss of integrity of content or configuration within the Contao CMS; the published assessment does not rate it as affecting confidentiality or availability. The attack is performed remotely over the network, has low complexity, requires a low-privileged back-end login and no user interaction. [2]
What immediate steps should I take to mitigate this vulnerability?
Upgrade Contao to 5.3.38 (for the 5.3 branch) or 5.6.1 (for 5.4 and later), where the vulnerability is patched. If you cannot upgrade immediately, do not rely solely on the table access voter in your own back-end code: additionally check the USER_CAN_ACCESS_MODULE permission for the module the table belongs to, so that a user who lacks the module is denied even when the voter would grant the table action. [1, 2]
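The following is an added example of the workaround described above, written for a custom Contao 5 extension; it is not code from Contao or from this advisory. It assumes the Contao 5 permission constants and data-container action classes named in the imports, Symfony's Security helper, and uses hypothetical module and table names ("my_module", "tl_my_table"); verify the class and method names against the Contao version you run.

```php
<?php
// Added example, not Contao project code. Assumes Contao 5's ContaoCorePermissions
// constants (USER_CAN_ACCESS_MODULE, DC_PREFIX) and the DataContainer action classes.
// "my_module" and "tl_my_table" below are hypothetical names.

declare(strict_types=1);

namespace App\Security;

use Contao\CoreBundle\Security\ContaoCorePermissions;
use Contao\CoreBundle\Security\DataContainer\CreateAction;
use Contao\CoreBundle\Security\DataContainer\DeleteAction;
use Contao\CoreBundle\Security\DataContainer\UpdateAction;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

/**
 * Guards a back-end table action with two independent checks:
 *   1. USER_CAN_ACCESS_MODULE - may this user open the back-end module at all?
 *   2. the table access voter - may this user perform this action on this table/row?
 *
 * On the affected versions the table access voter answered (2) without (1), so a
 * user who lacked the module could still act on its tables. Doing (1) explicitly
 * closes that gap regardless of how the voter decides.
 */
final class ModuleAwareTableGuard
{
    public function __construct(private readonly Security $security)
    {
    }

    /**
     * @param string $module back-end module the table belongs to, e.g. "my_module"
     */
    public function denyUnlessAllowed(string $module, CreateAction|UpdateAction|DeleteAction $action): void
    {
        // Check 1: module permission (the check the vulnerable voter skipped).
        if (!$this->security->isGranted(ContaoCorePermissions::USER_CAN_ACCESS_MODULE, $module)) {
            throw new AccessDeniedException(sprintf('Back-end module "%s" is not enabled for this user.', $module));
        }

        // Check 2: the regular data-container voter for the table and action.
        // Contao's DC voters are addressed as DC_PREFIX . <table name>.
        $table = $action->getDataSource();
        if (!$this->security->isGranted(ContaoCorePermissions::DC_PREFIX.$table, $action)) {
            throw new AccessDeniedException(sprintf('Action on "%s" denied by the table access voter.', $table));
        }
    }
}

// Usage from a controller or DCA callback (hypothetical module/table/id):
//   $guard->denyUnlessAllowed('my_module', new UpdateAction('tl_my_table', ['id' => 42]));
// A user without "my_module" is rejected at check 1 even if the voter would pass check 2.
```

The order of the two checks matters only for the error message: both must pass. Keep the guard in place after upgrading as well; it costs one extra isGranted() call and makes the module requirement explicit in your own code rather than implicit in the core voter.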