CVE-2025-61665

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions WeGIA versions 3.4.12 and below

Description WeGIA, a web manager for charitable institutions, has a Broken Access Control issue. The get relatorios socios.php API endpoint allows unauthenticated attackers to directly access sensitive personal and financial information of members without authentication or authorization.

Recommendations Update to version 3.5.0 or later.

Exploit

Fix

Improper Authentication

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-200

Related Identifiers

CVE-2025-61665

GHSA-62WP-6QMH-6P5F

Affected Products

Wegia

CVE-2025-61665

Weakness Enumeration

Related Identifiers

Affected Products

References · 9