CVE-2025-55169

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.8

Description: WeGIA is a web manager focused on the Portuguese language and charitable institutions. A path traversal vulnerability exists in the html/socio/sistema/download remessa.php endpoint. This could allow an attacker to gain unauthorized access to local files on the server and sensitive information stored in config.php, which contains information that could allow direct access to the database.

Recommendations: Update to version 3.4.8 or later.

Exploit

Fix

Improper Authentication

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-22

Related Identifiers

CVE-2025-55169

GHSA-MM3P-7573-4X4J

Affected Products

Wegia

CVE-2025-55169

Weakness Enumeration

Related Identifiers

Affected Products

References · 8