CVE-2025-58052
HIGHDescription
Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires privileged access initially, exploitation is restricted to malicious insiders or compromised group managers accounts. Version 1.2.0 fixes the issue.
Is your site exposed to CVE-2025-58052?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| galette | galette |
References
Frequently Asked Questions
What is CVE-2025-58052? +
How severe is CVE-2025-58052? +
What products are affected by CVE-2025-58052? +
How do I check if I'm vulnerable to CVE-2025-58052? +
Related Vulnerabilities
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version …
Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if …
Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to …
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently …
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization …
Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 …