Authentication Bypass Vulnerability in WeGIA Web Manager
CVE-2025-55171
What is CVE-2025-55171?
WeGIA is an open-source web management system used primarily by Portuguese-speaking charitable organizations. Versions prior to 3.4.8 have inadequate authentication checks at the endpoint /html/personalizacao_remover.php, so an unauthenticated attacker can delete any image file by providing its image ID via the 'imagem_0' parameter. The flaw exposes the system to data loss and misuse; affected installations should be updated to 3.4.8 or later.

Affected Version(s)
WeGIA < 3.4.8
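To review whether the endpoint was reached on an affected install, the following added example (not part of the advisory or of WeGIA's code) scans web server access logs for requests to it. It assumes the Apache/nginx "combined" log format; the sample lines and the /WeGIA/ install prefix are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/html/personalizacao_remover.php"  # path named in the advisory
PARAM = "imagem_0"                             # parameter named in the advisory
# Assumption: the web server writes the Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_remover_hits(lines):
    """Return one record per logged request to the image-removal endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m["target"])
        # Installs may sit under a sub-directory, so match on the path suffix.
        if not url.path.endswith(ENDPOINT):
            continue
        ids = parse_qs(url.query).get(PARAM)
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]),
            # None when the parameter was sent in a request body (not logged).
            "image_id": ids[0] if ids else None,
        })
    return hits

def summarize(hits):
    """Group requested image IDs by client so repeated deletions stand out."""
    by_ip = defaultdict(list)
    for h in hits:
        by_ip[h["ip"]].append(h["image_id"])
    return dict(by_ip)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /WeGIA/html/personalizacao_remover.php?imagem_0=12 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "POST /WeGIA/html/personalizacao_remover.php HTTP/1.1" 302 0 "-" "curl/8.0"',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /WeGIA/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    print(summarize(find_remover_hits(SAMPLE)))
```

Access logs do not record session state, so on a version before 3.4.8 every hit returned here needs to be correlated with legitimate administrator activity and with missing image files.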
