Improper privilege management in Contao - CVE-2025-57759


Published: May 5, 2026


Vulnerability identifier: #VU130143
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-57759
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Contao
Affected software:
Contao

Detailed vulnerability description

The vulnerability allows a remote user to modify page and article fields without the necessary permissions.

The vulnerability exists due to improper privilege management in page and article fields when handling back end editing operations. A remote user who can edit pages and articles in the back end can change fields of those pages and articles that their permissions do not allow them to modify.

Under certain conditions, back end users may be able to trigger the issue.


How to mitigate CVE-2025-57759

Install the security update from the vendor's website.

Sources