Galette has access control bypass
CVE-2025-53922

1.3 LOW

Key Information:

Vendor

Galette

Status
Vendor
CVE Published:
19 December 2025

What is CVE-2025-53922?

Galette is a membership management web application for non-profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as a group manager can bypass the intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue.

Affected Version(s)

galette >= 1.1.4, < 1.2.0
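A quick way to turn the affected range above into an inventory check. This is an added example for this advisory, not code from the Galette project; it assumes versions are reported as dotted numerics such as "1.1.4", optionally with a pre-release suffix such as "1.2.0-rc1", and that the affected range is exactly the one stated here (>= 1.1.4 and < 1.2.0). The sample inventory at the bottom is constructed for illustration.

```python
"""Flag Galette installs in the range affected by CVE-2025-53922.

Added example for this advisory, not code from the Galette project.
Assumes dotted-numeric version strings ("1.1.4"), optionally with a
pre-release suffix ("1.2.0-rc1"), and the advisory's range of
>= 1.1.4 and < 1.2.0.
"""
import re

AFFECTED_FROM = "1.1.4"   # first affected release (inclusive)
FIXED_IN = "1.2.0"        # first fixed release (exclusive)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z.]+))?$")


def parse_version(text):
    """Turn "1.1.10" or "1.2.0-rc1" into a tuple that compares numerically.

    Plain string comparison would put "1.1.10" before "1.1.4"; tuples of
    ints do not.  A pre-release sorts just below the final release with the
    same numbers (the usual semantic-versioning rule), so 1.2.0-rc1 is still
    inside "< 1.2.0" and therefore still affected.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, pre = m.groups()
    patch = int(patch) if patch is not None else 0
    # Final releases carry flag 1 so they sort after any pre-release (flag 0).
    if pre is None:
        return (int(major), int(minor), patch, 1, "")
    return (int(major), int(minor), patch, 0, pre)


def is_affected(version):
    """True if `version` is >= 1.1.4 and < 1.2.0."""
    return parse_version(AFFECTED_FROM) <= parse_version(version) < parse_version(FIXED_IN)


def affected_hosts(inventory):
    """Return the (host, version) pairs that still need the 1.2.0 upgrade.

    `inventory` maps hostname -> Galette version string.  Unparseable
    versions are reported as affected so they are reviewed rather than
    silently skipped.
    """
    flagged = []
    for host, version in sorted(inventory.items()):
        try:
            hit = is_affected(version)
        except ValueError:
            hit = True  # unknown version: treat as needing review
        if hit:
            flagged.append((host, version))
    return flagged


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "members.example.org": "1.1.4",
        "staging.example.org": "1.1.10",
        "legacy.example.org": "1.1.3",
        "new.example.org": "1.2.0",
        "rc.example.org": "1.2.0-rc1",
    }
    for host, version in affected_hosts(sample):
        print(f"{host}: Galette {version} is affected by CVE-2025-53922; "
              f"upgrade to {FIXED_IN}")
```

Feed `affected_hosts` whatever your asset inventory reports for Galette and act on the returned list; anything it cannot parse is deliberately included rather than dropped.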

References

CVSS V4

Score:
1.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
