CVE-2025-58052

Name of the Vulnerable Software and Affected Versions Galette versions 0.9.6 through 1.1.9

Description Galette is a membership management web application designed for non-profit organizations. Individuals with the 'group manager' role can circumvent intended restrictions, enabling unauthorized access and modifications despite the presence of role-based access controls. Exploitation is limited to those with initial privileged access, such as malicious insiders or compromised group manager accounts.

Recommendations Update to version 1.2.0 or later.