Unrated severityOSV Advisory· Published Dec 19, 2025· Updated Dec 19, 2025
Galette has access control bypass
CVE-2025-53922
Description
Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/galette/galette/security/advisories/GHSA-5jp7-5c38-3pv6mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.