CVE-2025-57758: Contao applies improper access control in the back end voters
The table access voter in the back end doesn’t check if a user is allowed to access the corresponding module.
References
- contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
- github.com/advisories/GHSA-7m47-r75r-cx8v
- github.com/contao/contao
- github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
- github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
- nvd.nist.gov/vuln/detail/CVE-2025-57758