CVE-2025-58052
Privilege Escalation in Galette via Role-Based Access Bypass
Publication date: 2025-12-19
Last updated on: 2026-04-29
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| galette | galette | >= 0.9.6, < 1.2.0 (fixed in 1.2.0) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58052 is an access control bypass (CWE-863, incorrect authorization) in the Galette membership management application, affecting versions from 0.9.6 up to but not including 1.2.0. An authenticated user holding the group manager role can bypass the intended role-based restrictions and reach member management functions they should not have. Specifically, even when the right allowing group managers to create members is disabled, the authorization check on a GET route for member creation is performed incorrectly, so a group manager can still create members through that route. Exploitation requires an existing group manager account, so the threat is limited to malicious insiders or compromised group manager accounts. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing a group manager with limited privileges to perform unauthorized actions such as creating members, which they should not be allowed to do. This could lead to unauthorized changes in membership data, potentially compromising the integrity and trustworthiness of your membership records. Since exploitation requires privileged access, the main risk comes from malicious insiders or compromised group manager accounts. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on requests to the GET route "addMember" in Galette versions 0.9.6 up to but not including 1.2.0, especially on installations where the "Can group managers create members?" option is disabled and "Can members create child" is enabled. "addMember" is the route name quoted in the advisory; the URL path that reaches it depends on where Galette is installed, so confirm the path against your deployment before building log filters. Web server or application logs should then be inspected for GET requests to that route from accounts holding the group manager role. Specific commands depend on your environment; with Apache access logs a first pass is: grep 'GET /addMember' /var/log/apache2/access.log. Note that web server logs do not record the requester's Galette role, so correlate the matching source addresses and timestamps with the application's own login and session records to determine which account made the request. Monitoring user roles and their actions within the application can also help detect exploitation attempts. [1]
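The following is an added example, not code from the advisory or from the Galette project: a small log scanner that does what the grep above does, but parses Apache "combined" format lines properly, drops query strings before matching, keeps only GET requests, and tallies hits per source address so they can be correlated with Galette's session records. The route suffix "/addMember" and the sample log lines are constructed for illustration; replace the suffix with the path your installation actually routes to the member-creation page.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Apache "combined" log format:
# host ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: the URL suffix that your Galette deployment routes to "addMember".
# The advisory names the route, not the path; adjust this to your route table.
ADD_MEMBER_SUFFIX = "/addMember"

# Constructed sample log lines (not real traffic). The paths are illustrative only.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Dec/2025:10:01:02 +0000] "GET /galette/routes/addMember HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [19/Dec/2025:10:01:09 +0000] "POST /galette/routes/addMember HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [19/Dec/2025:10:02:00 +0000] "GET /galette/routes/members HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
10.0.0.9 - - [19/Dec/2025:10:03:30 +0000] "GET /galette/routes/addMember?foo=1 HTTP/1.1" 200 5100 "-" "curl/8.5.0"
this line is not in combined format and must be skipped
"""


@dataclass(frozen=True)
class Hit:
    host: str
    time: str
    path: str
    status: int


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_add_member_gets(lines: Iterable[str], suffix: str = ADD_MEMBER_SUFFIX) -> List[Hit]:
    """Return every GET request whose path (query string removed) ends with the route suffix.

    Only GET is flagged because the advisory describes the bypass as reaching the
    member-creation page through a GET route; POSTs are left for separate review.
    """
    hits: List[Hit] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than abort the whole scan
        path = rec["path"].split("?", 1)[0]  # ignore query string when matching the route
        if rec["method"] == "GET" and path.endswith(suffix):
            hits.append(Hit(rec["host"], rec["time"], rec["path"], int(rec["status"])))
    return hits


def hits_by_host(hits: Iterable[Hit]) -> Counter:
    """Count hits per source address; join these against Galette's login records by time."""
    return Counter(h.host for h in hits)


if __name__ == "__main__":
    found = find_add_member_gets(SAMPLE_LOG.splitlines())
    for h in found:
        print(f"{h.time} {h.host} GET {h.path} -> {h.status}")
    print("per-host counts:", dict(hits_by_host(found)))
```

Run it against a real log with `find_add_member_gets(open("/var/log/apache2/access.log"))`. A GET to the member-creation route is only suspicious when the requesting account is a group manager and the "Can group managers create members?" right is disabled, so the per-host counts are a starting point for correlation, not a verdict on their own.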
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Galette to version 1.2.0 or later, where this access control bypass is fixed. Until the upgrade can be performed, restrict and monitor group manager accounts closely, especially their access to member creation functions. Review the "Rights" settings and avoid the configuration in which "Can group managers create members?" is disabled while "Can members create child" is enabled, since that combination is what enables the bypass. Limit the group manager role to trusted users to reduce the risk from malicious insiders or compromised accounts. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.