CVE-2025-61604

HIGH EPSS 5.9%
Published Oct 2, 2025 · Modified Jun 17, 2026
7.1 CVSS 4.0
High

Description

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger the action using the victim’s authenticated session. This issue is fixed in version 3.5.0.

CVSS Details

Base Score
7.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction P (Passive)
Scope X

Threat Intelligence

EPSS Exploit Probability
5.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 1

Vendor   Product   Version   Range
wegia    wegia     *         <3.5.0

References 2

  • github.com https://github.com/LabRedesCefetRJ/WeGIA/commit/839de09798f61c9a76043bb2c4b3063d310c5aed
    Patch
  • github.com https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-59hm-4m9h-ch3m
    Exploit, Mitigation, Vendor Advisory

Remediation

  • github.com https://github.com/LabRedesCefetRJ/WeGIA/commit/839de09798f61c9a76043bb2c4b3063d310c5aed
    Patch