CVE-2025-53938 | THREATINT

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the `/dao/verificar_recursos_cargo.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated users to access protected application functionalities and retrieve sensitive information by sending crafted HTTP requests without any session cookies or authentication tokens. Version 3.4.5 fixes the issue.

PUBLISHED Reserved 2025-07-14 | Published 2025-07-16 | Updated 2025-07-18 | Assigner GitHub_M

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

< 3.4.5

affected

References

github.com/.../WeGIA/security/advisories/GHSA-6p76-7mm4-j5rj exploit

github.com/.../WeGIA/security/advisories/GHSA-6p76-7mm4-j5rj

cve.org (CVE-2025-53938)

nvd.nist.gov (CVE-2025-53938)

Download JSON