Vulnerability Description
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger the action using the victim’s authenticated session. This issue is fixed in version 3.5.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wegia | Wegia | < 3.5.0 |
Related Weaknesses (CWE)
References
- https://github.com/LabRedesCefetRJ/WeGIA/commit/839de09798f61c9a76043bb2c4b3063dPatch
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-59hm-4m9h-ch3mExploitMitigationVendor Advisory
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-59hm-4m9h-ch3mExploitMitigationVendor Advisory
FAQ
What is CVE-2025-61604?
CVE-2025-61604 is a vulnerability with a CVSS score of 7.1 (HIGH). WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarif...
How severe is CVE-2025-61604?
CVE-2025-61604 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-61604?
Check the references section above for vendor advisories and patch information. Affected products include: Wegia Wegia.