VYPR
High severity (8.1, NVD Advisory) · Published Dec 19, 2025 · Updated Apr 29, 2026

CVE-2025-58052

Description

Galette is a membership management web application for non-profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with the group manager role can bypass intended restrictions, allowing unauthorized access and changes despite role-based controls. Because exploitation requires privileged access to begin with, it is restricted to malicious insiders or compromised group manager accounts. Version 1.2.0 fixes the issue.

Affected products (1)

Patches (1)

Commit ed1a20174348

Bump version

https://github.com/galette/galette · Johan Cwiklinski · Jun 14, 2025 · via osv
2 files changed · +3 −3
  • galette/includes/sys_config/versions.inc.php (+1 −1, modified)
    @@ -32,6 +32,6 @@
     define('GALETTE_MARIADB_MIN', '10.5');
     define('GALETTE_PGSQL_MIN', '13');
     define('GALETTE_NIGHTLY', false);
    -define('GALETTE_VERSION', 'v1.2-dev');
    +define('GALETTE_VERSION', 'v1.2.0');
     define('GALETTE_COMPAT_VERSION', '1.2.0');
     define('GALETTE_DB_VERSION', '1.200');
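Review bot: this hunk changes only the GALETTE_VERSION constant from 'v1.2-dev' to 'v1.2.0' and contains no authorization logic, so the role-based access control change the advisory describes for the group manager bypass is not in this commit; a reader tracing the fix needs the commits between the previous release and this tag rather than this diff. GALETTE_COMPAT_VERSION ('1.2.0') and GALETTE_DB_VERSION ('1.200') remain unchanged context, which is what one expects from a pure release bump.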
    
  • README.md (+2 −2, modified)
    @@ -7,7 +7,7 @@
     
     ### English
     
    -[![Download most recent Galette release (1.1.6.2)](https://img.shields.io/badge/1.1.6.2-Latest_Galette-ffb619.svg?logo=php&logoColor=white&style=for-the-badge)](https://galette.eu/download/galette-1.1.6.2.tar.bz2)
    +[![Download most recent Galette release (1.2.0)](https://img.shields.io/badge/1.2.0-Latest_Galette-ffb619.svg?logo=php&logoColor=white&style=for-the-badge)](https://galette.eu/download/galette-1.2.0.tar.bz2)
     [![Download Galette development (nightly) build](https://img.shields.io/badge/nightly-Galette_development-ffb619.svg?logo=php&logoColor=white&style=for-the-badge)](https://galette.eu/download/galette-dev.tar.bz2)
     
     Galette is a membership management web application towards non profit organizations; released under GPLv3.
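Review bot: the release version is hand-edited in three places on the changed line (badge label, badge image URL, download URL), and the same three again in the French section below, so every release needs six manual substitutions that can drift out of sync; a single release placeholder substituted at tag time, or a stable "latest" download URL, would remove that. The values themselves match the 'v1.2.0' bump in versions.inc.php.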
    @@ -31,7 +31,7 @@ This project is tested with BrowserStack
     
     ### Français
     
    -[![Télécharger la version de Galette la plus récente (1.1.6.2)](https://img.shields.io/badge/1.1.6.2-Dernière_Galette-ffb619.svg?logo=php&logoColor=white&style=for-the-badge)](https://galette.eu/download/galette-1.1.6.2.tar.bz2)
    +[![Télécharger la version de Galette la plus récente (1.2.0)](https://img.shields.io/badge/1.2.0-Dernière_Galette-ffb619.svg?logo=php&logoColor=white&style=for-the-badge)](https://galette.eu/download/galette-1.2.0.tar.bz2)
     [![Télécharger la version de développement (nighly) de Galette](https://img.shields.io/badge/nightly-Galette_développement-ffb619.svg?logo=php&logoColor=white&style=for-the-badge)](https://galette.eu/download/galette-dev.tar.bz2)
     
     Galette est un outil de gestion d’adhérents et de cotisations en ligne à destination des associations, sous license GPLV3.
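Review bot: the unchanged context line directly below the edited badge still reads "(nighly)" where "(nightly)" is meant; since this hunk already touches the adjacent line, correcting the typo here would be cheap. Likewise "sous license GPLV3" in the last context line should read "sous licence GPLv3" to match the English section's "GPLv3".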
    

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (1)
