by Leo Feyer

Improper privilege management for page and article fields

Date: 2025-08-28
CVE ID: CVE-2025-57759

Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions.

Affected versions

Contao 5.3 up to 5.3.37
Contao 5.4
Contao 5.5
Contao 5.6 up to 5.6.0

Suggested solution

Upgrade to Contao 5.3.38 or 5.6.1.
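To check an installation against the versions listed above, the following added example (not part of the advisory or of Contao's own code) reads a `composer.lock` file and reports whether the locked version falls in a listed range and which release to upgrade to. The package name `contao/core-bundle`, the helper names and the sample lock data are assumptions made for illustration.

```python
import json
import re

# Version boundaries taken from the advisory text.
FIXED_5_3 = (5, 3, 38)
FIXED_5_6 = (5, 6, 1)

def parse_version(raw):
    """Parse '5.3.37', 'v5.6.0' or '5.6.0-RC1' into (major, minor, patch)."""
    if "dev" in raw.lower():
        raise ValueError(f"branch alias, resolve to a release first: {raw!r}")
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    if not m:
        raise ValueError(f"unrecognised version: {raw!r}")
    # Assumption: a pre-release suffix is ignored, so 5.6.0-RC1 counts as 5.6.0.
    return tuple(int(g) for g in m.groups())

def assess(raw):
    """Return (listed_as_affected, upgrade_target) for a Contao version."""
    v = parse_version(raw)
    if (5, 3, 0) <= v < FIXED_5_3:
        return True, "5.3.38"
    if (5, 4, 0) <= v < FIXED_5_6:
        # 5.4 and 5.5 are listed with no fixed release of their own.
        return True, "5.6.1"
    return False, None

def scan_lock(lock_text, package="contao/core-bundle"):
    """Find `package` in composer.lock JSON and assess its locked version."""
    data = json.loads(lock_text)
    for pkg in data.get("packages", []) + data.get("packages-dev", []):
        if pkg.get("name") == package:
            return (pkg["version"],) + assess(pkg["version"])
    return None  # package not present in this lock file

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "symfony/console", "version": "v6.4.1"},
    {"name": "contao/core-bundle", "version": "5.5.3"},
]})

if __name__ == "__main__":
    print(scan_lock(SAMPLE_LOCK))
```

A result of `(False, None)` only means the version is outside the ranges this advisory lists; releases older than 5.3 are not mentioned in it either way.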

Workaround

None.

More information

https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj