PT-2025-35103 · Contao · Contao

Fritzmg

Published

2025-08-28

Updated

2025-08-28

CVE-2025-57757

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Contao versions prior to 5.3.38 Contao versions prior to 5.6.1

Description: Contao is an Open Source CMS. News items from protected news archives within a news feed are not filtered and become publicly available in the RSS feed. A workaround involves not adding protected news archives to the news feed page.

Recommendations: Update to Contao version 5.3.38. Update to Contao version 5.6.1. Do not add protected news archives to the news feed page.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-212

Related Identifiers

CVE-2025-57757

GHSA-W53M-GXVG-VX7P

Affected Products

Contao

PT-2025-35103 · Contao · Contao

CVE-2025-57757

Weakness Enumeration

Related Identifiers

Affected Products

References · 11