Broken Access Control in WeGIA Open Source Web Manager
CVE-2025-61665

8.7HIGH

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 2 October 2025

🔔 Create Labredescefetrj Vulnerability Alert

What is CVE-2025-61665?

The WeGIA open source web manager, which serves charitable institutions, has a vulnerability in versions 3.4.12 and earlier. This issue involves broken access control within the get_relatorios_socios.php endpoint. It enables unauthenticated users to gain unauthorized access to sensitive personal and financial information of members, bypassing necessary authentication or authorization measures. This vulnerability has been addressed in version 3.5.0, providing critical updates to secure user data.

Affected Version(s)

WeGIA < 3.5.0

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

https://github.com/LabRedesCefetRJ/WeGIA/commit/828f23a6a...

x_refsource_MISC

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2025
Vulnerability Reserved
Sep 29, 2025

JSON