CVE-2025-53938

Summary

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated users to access protected application functionalities and retrieve sensitive information by sending crafted HTTP requests without any session cookies or authentication tokens. Version 3.4.5 fixes the issue.

Affected Software

VendorProductVersion RangeStatus
LabRedesCefetRJWeGIA< 3.4.5affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References