Cross-Site Request Forgery Vulnerability in WeGIA Web Manager from LabRedesCefetRJ
CVE-2025-61604

7.1 HIGH

Key Information:

CVE Published: 2 October 2025

What is CVE-2025-61604?

The WeGIA web manager, aimed at supporting charitable organizations, has a vulnerability that exposes its delete operation for the Almoxarifado entity. In versions 3.4.12 and below, this critical function can be triggered via an HTTP GET request without the necessary CSRF protection, potentially allowing attackers to execute this action using an authenticated user's session. This flaw is addressed in version 3.5.0, making it crucial for users to update to this release to safeguard against such unauthorized interference.
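The flaw class described above, as an added example that is not WeGIA's code: a framework-free Python model of a delete handler that accepts GET with only a session check, beside a hardened handler that requires POST and a per-session CSRF token. The handler names, the `session` and `store` dictionaries, the record id and the status codes are assumptions made for the example.

```python
import hmac
import secrets

def issue_csrf_token(session):
    """Store a random per-session token; the delete form embeds it as a hidden field."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def delete_vulnerable(method, params, session, store):
    """Pattern the advisory describes: any authenticated request deletes, GET included."""
    if not session.get("user"):
        return 401
    store.pop(params.get("id"), None)
    return 200

def delete_hardened(method, params, session, store):
    """Same action, but only for POST requests that carry the session's token."""
    if not session.get("user"):
        return 401
    if method != "POST":            # state changes never ride on GET
        return 405
    expected = session.get("csrf_token") or ""
    supplied = params.get("csrf_token") or ""
    # Constant-time comparison; an absent server-side token always fails.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    store.pop(params.get("id"), None)
    return 200

def demo():
    """Replay a cross-site style request (GET, no token) against both handlers."""
    session = {"user": "admin"}           # constructed sample session
    token = issue_csrf_token(session)
    results = {}
    store = {"7": "warehouse A"}          # constructed sample record
    results["vulnerable_get"] = (delete_vulnerable("GET", {"id": "7"}, session, store), "7" in store)
    store = {"7": "warehouse A"}
    results["hardened_get"] = (delete_hardened("GET", {"id": "7"}, session, store), "7" in store)
    results["hardened_post_no_token"] = (delete_hardened("POST", {"id": "7"}, session, store), "7" in store)
    results["hardened_post_token"] = (
        delete_hardened("POST", {"id": "7", "csrf_token": token}, session, store), "7" in store)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Each result pairs the status code with whether the record still exists afterwards, so the difference between the two handlers shows up as a surviving record on the forged request.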

Affected Version(s)

WeGIA < 3.5.0

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
