{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T07:03:40.189","vulnerabilities":[{"cve":{"id":"CVE-2025-57756","sourceIdentifier":"security-advisories@github.com","published":"2025-08-28T17:15:36.023","lastModified":"2025-09-02T17:39:29.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search."},{"lang":"es","value":"Contao es un CMS de código abierto. En versiones a partir de la 4.9.14 y anteriores a la 4.13.56, 5.3.38 y 5.6.1, los elementos de contenido protegidos que se renderizan como fragmentos se indexan y se vuelven públicamente disponibles en la búsqueda del *front end*. Este problema ha sido parcheado en las versiones 4.13.56, 5.3.38 y 5.6.1. Una solución alternativa implica deshabilitar la búsqueda del *front end*."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-612"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.0","versionEndIncluding":"4.9.14","matchCriteriaId":"DEA37692-4A35-4C0E-95C5-ABE4B9142441"},{"vulnerable":true,"criteria":"cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10.0","versionEndExcluding":"4.13.56","matchCriteriaId":"82752B8E-B939-4ADA-A7E5-595890EBA810"},{"vulnerable":true,"criteria":"cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.3.38","matchCriteriaId":"CD3F6788-0473-4C0E-8602-2B66A518B9D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndExcluding":"5.6.1","matchCriteriaId":"AC84DCCC-B7C2-43DB-AFFA-F3464B640F78"}]}]}],"references":[{"url":"https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]}]}}]}