{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T09:12:19.582","vulnerabilities":[{"cve":{"id":"CVE-2025-57759","sourceIdentifier":"security-advisories@github.com","published":"2025-08-28T17:15:36.597","lastModified":"2025-09-02T17:36:12.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds."},{"lang":"es","value":"Contao es un CMS de código abierto. En versiones a partir de la 5.3.0 y anteriores a la 5.3.38 y la 5.6.1, bajo ciertas condiciones, los usuarios del *back end* podrían editar campos de páginas y artículos sin tener los permisos necesarios. Este problema ha sido parcheado en las versiones 5.3.38 y 5.6.1. No hay soluciones alternativas."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.38","matchCriteriaId":"33F26EC5-04D5-48B8-9633-63E661CE2103"},{"vulnerable":true,"criteria":"cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndExcluding":"5.6.1","matchCriteriaId":"AC84DCCC-B7C2-43DB-AFFA-F3464B640F78"}]}]}],"references":[{"url":"https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]}]}}]}