Unrated severity · OSV Advisory · Published Dec 19, 2025 · Updated Dec 19, 2025
Galette has access control bypass
CVE-2025-53922
Description
Galette is a membership management web application for non-profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as a group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue.
Affected products: 1
Patches: 0
No patches discovered yet.
References
- github.com/galette/galette/security/advisories/GHSA-5jp7-5c38-3pv6 (mitre, x_refsource_CONFIRM)