CVE-2025-65960
6.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\Template::once() method.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| contao | contao | >= 4.0.0, < 4.13.57 | affected |
| contao | contao | >= 5.0.0-RC1, < 5.3.42 | affected |
| contao | contao | >= 5.4.0-RC1, < 5.6.5 | affected |
Weaknesses
- CWE-351: CWE-351: Insufficient Type Distinction
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r
- https://contao.org/en/security-advisories/remote-code-execution-in-template-closures
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.