CNNVD-202508-3319 Information

CNNVD ID

CNNVD-202508-3319

CVE-2025-57758

  • CNNVD Published: 2025-08-28

Description (Chinese)

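Contao is an open-source content management system (CMS) from Contao, developed in PHP. The system supports search engines, permission management, CSS frameworks, and more. Contao version 5.3.38 and versions before 5.6.1 contain an access control error vulnerability, which stems from the back-end table access voters not checking user module access permissions.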

Description (English)

Contao is an open-source content management system (CMS) developed in PHP. The system supports search engines, permission management, and CSS frameworks. Contao version 5.3.38 and versions before 5.6.1 contain an access control error vulnerability, which results from the back-end access voters failing to check user module access.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

Contemporary Controls

Published

2025-08-28

Last Modified

2026-02-24

References

  • https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
  • https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
  • https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
  • https://nvd.nist.gov/vuln/detail/CVE-2025-57758
  • https://vigilance.fr/vulnerability/Contao-write-access-via-Back-End-Voters-48084

Patch

https://contao.org/en/download
