Vulnerability Description
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the `/dao/verificar_recursos_cargo.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated users to access protected application functionalities and retrieve sensitive information by sending crafted HTTP requests without any session cookies or authentication tokens. Version 3.4.5 fixes the issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wegia | Wegia | < 3.4.5 |
Related Weaknesses (CWE)
References
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6p76-7mm4-j5rjExploitVendor Advisory
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6p76-7mm4-j5rjExploitVendor Advisory
FAQ
What is CVE-2025-53938?
CVE-2025-53938 is a vulnerability with a CVSS score of 7.5 (HIGH). WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the `/dao/verificar_recursos_cargo.php...
How severe is CVE-2025-53938?
CVE-2025-53938 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-53938?
Check the references section above for vendor advisories and patch information. Affected products include: Wegia Wegia.