PT-2025-52492 · Galette · Galette

Trasher · Published 2025-12-19 · Updated 2026-01-05 · CVE-2025-58053

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Galette versions prior to 1.2.0
Description: Galette is a membership management web application for non-profit organizations. Prior to version 1.2.0, it was possible to gain higher privileges by updating an existing account using a self-forged POST request. The issue was addressed in version 1.2.0. The application accepts POST requests to update account information, and improper validation of the request data allowed an attacker to manipulate account privileges. The vulnerable operation involves submitting a crafted POST request to modify account details, potentially elevating the user's role within the system.
Recommendations: Update to version 1.2.0 or later.
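The weakness class the description names (an account-update endpoint that writes whatever the POST body contains, so privilege fields the form never exposed can be set) is illustrated below as an added example; it is not Galette's code, and the table name, column names and helper names are assumed. It shows the unsafe pattern beside a hardened handler that allow-lists profile fields and applies privilege fields only for an administrator.

```php
<?php
// Added example, not Galette's code. Table, column and function names are assumed.
// Vulnerable pattern: every submitted field is written to the member record, so a
// self-forged POST carrying is_admin=1 is stored just like the visible form fields.
function updateMemberUnsafe(PDO $db, int $memberId, array $post): void
{
    $sets = [];
    foreach ($post as $column => $value) {
        $sets[] = "$column = :$column";   // column name taken straight from the request
    }
    $sql = 'UPDATE members SET ' . implode(', ', $sets) . ' WHERE id = :id';
    $db->prepare($sql)->execute($post + ['id' => $memberId]);
}

// Hardened pattern: only known profile columns are accepted from the form, and
// privilege columns are applied only when the acting user is already an admin.
const PROFILE_FIELDS = ['name', 'surname', 'email', 'phone'];
const PRIVILEGE_FIELDS = ['is_admin', 'is_staff'];
function filterMemberUpdate(array $post, bool $actorIsAdmin): array
{
    // Keep only allow-listed keys; anything else in the body is dropped silently.
    $allowed = array_intersect_key($post, array_flip(PROFILE_FIELDS));
    if ($actorIsAdmin) {
        foreach (PRIVILEGE_FIELDS as $field) {
            if (array_key_exists($field, $post)) {
                $allowed[$field] = (int) (bool) $post[$field];   // normalise to 0/1
            }
        }
    }
    return $allowed;
}

function updateMemberSafe(PDO $db, int $memberId, array $post, bool $actorIsAdmin): void
{
    $data = filterMemberUpdate($post, $actorIsAdmin);
    if ($data === []) {
        return;   // nothing permitted to update
    }
    $sets = [];
    foreach (array_keys($data) as $column) {
        $sets[] = "$column = :$column";   // columns now come from the allow-list only
    }
    $sql = 'UPDATE members SET ' . implode(', ', $sets) . ' WHERE id = :id';
    $db->prepare($sql)->execute($data + ['id' => $memberId]);
}

// Constructed request: a member edits their own profile but also posts is_admin=1.
$forged = ['name' => 'Alice', 'email' => 'alice@example.org', 'is_admin' => '1'];
var_dump(filterMemberUpdate($forged, false));   // is_admin is dropped
var_dump(filterMemberUpdate($forged, true));    // is_admin kept, stored as 1
```

The same allow-list check belongs on every write path that can touch the member record, not only the profile form, since the forged request does not go through the form at all.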

Exploit · Fix · LPE · Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2025-58053
GHSA-R7X8-6R56-498R

Affected Products

Galette