Contao Improper Privilege Management Vulnerability in Core Bundle Allowing Unauthorized Edits to Pages and Articles

Vulnerability

A vulnerability exists in Contao versions from 5.3.0 up to, but not including, 5.3.38, as well as in versions 5.4 and 5.5, that allows back end users to edit certain fields of pages and articles without the required permissions. This issue has been addressed in Contao versions 5.3.38 and 5.6.1.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of page and article fields by back end users.

Remediation

Users are advised to upgrade to Contao version 5.3.38 or 5.6.1.

Added: Aug 28, 2025, 5:21 PM
Updated: Aug 28, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 6.1
remediation: 7.7
relevance: 0.4
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.