CVE-2025-57758

by Fred · 28/08/2025

Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn’t check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE.

More information : https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters

CVE-2025-57758

Similar

Recent Posts

Categories

CVE-2025-57758

Share this:

Similar

Recent Posts

Categories

Tags