CVE-2025-58053
CRITICAL WAF: Low
CVSS 9.8
Published: 2025-12-19
CWE-269
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| galette | galette | up to 1.2.0 |
References
- github.com (Vendor Advisory)