CVE-2025-58159

CRITICAL LAB

WeGIA < 3.4.11 - Remote Code Execution via Unrestricted PHP File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-58159. PoCs published by exploitintel.

AI-analyzed exploit summary: the summary attached to this entry describes a different vulnerability. It reads: the repository contains a functional exploit for CVE-2025-10622, an OS command injection in Foreman 3.12.0 through 3.16.0 that abuses client-side-only validation of transpiler settings to run arbitrary commands as the Foreman process user. Foreman is neither the product nor the vulnerability class tracked here (WeGIA, unrestricted PHP file upload), so this summary should not be taken as a description of the CVE-2025-58159 PoC.

Description

WeGIA is a web manager for charitable institutions. Before version 3.4.11 it contains a remote code execution vulnerability caused by improper validation of uploaded files: the application accepts attacker-chosen filenames, including ones ending in .php, and writes the upload to disk without sanitising the name or restricting the extension. An attacker can therefore upload a polyglot that starts as a valid spreadsheet and continues with PHP code; because the file keeps its .php extension and is written where the web server will execute it, requesting it runs the embedded code on the server. The root cause is an incomplete fix for CVE-2025-22133, the earlier upload issue in the same application. Fixed in version 3.4.11.
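How the unrestricted-upload pattern described above arises in a PHP handler, and one way to close it, as an added example. This is not WeGIA's own code; the form field name, the directory layout and the function names are assumptions.

```php
<?php
// Added example, not WeGIA's own code. A hypothetical upload handler that
// illustrates the CWE-434 pattern described on this page, next to a hardened
// version. Assumptions: the multipart field is called "planilha",
// $webRoot/uploads is served by the web server, and $storeDir is a directory
// outside the web root.

declare(strict_types=1);

// --- Vulnerable pattern: the client-supplied name decides the extension ---
function vulnerableSave(array $file, string $webRoot): string
{
    // $file['name'] comes straight from the request. "relatorio.php" is
    // accepted, written under the document root, and executed on the next GET,
    // even if the file starts with valid CSV rows before the "<?php" tag.
    $dest = $webRoot . '/uploads/' . basename($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('write failed');
    }
    return $dest;
}

// --- Hardened pattern ---
const ALLOWED = [
    // extension => MIME types finfo may report for a genuine file of that kind
    'csv'  => ['text/csv', 'text/plain', 'application/csv'],
    'xlsx' => ['application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
               'application/zip'],
];

function hardenedSave(array $file, string $storeDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // 1. Allowlist the extension, read from the LAST dot so "x.csv.php" fails.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }

    // 2. Sniff the content server side. Useful, but not sufficient on its own:
    //    a CSV whose rows are followed by "<?php ..." still sniffs as text,
    //    which is exactly the polyglot this CVE describes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException("content ($mime) does not match .$ext");
    }

    // 3. Defence in depth for text formats: refuse anything carrying a PHP open tag.
    if ($ext === 'csv') {
        $body = file_get_contents($file['tmp_name']);
        if ($body !== false && preg_match('/<\?(php|=)/i', $body)) {
            throw new RuntimeException('embedded code rejected');
        }
    }

    // 4. Never reuse the client name: generate one, keep only the vetted extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;

    // 5. Store outside the web root and non-executable. The web server is never
    //    asked to run it; downloads go through a handler that sends
    //    Content-Disposition: attachment.
    $dest = rtrim($storeDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('write failed');
    }
    chmod($dest, 0640);
    return $dest;
}

// Usage (hypothetical): replace the vulnerable call in the upload endpoint.
// $path = hardenedSave($_FILES['planilha'], '/var/lib/wegia/uploads');
```

The order of the checks matters less than the combination: the extension allowlist stops the .php name, the generated filename removes the client's control over it, and storing outside the web root means that even a file that slips past the content checks is never handed to the PHP interpreter. A content check alone would not have blocked the spreadsheet-plus-PHP polyglot this advisory describes.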

Exploits (1)

GitHub, working PoC
by exploitintel (Python PoC)
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-58159

Note: the exploit description and classification recorded for this entry were generated for CVE-2025-10622 (OS command injection in Foreman 3.12.0 through 3.16.0, exploiting client-side-only validation of transpiler settings to run commands as the Foreman process user). They do not describe the WeGIA upload PoC; only the repository link refers to CVE-2025-58159.

Classification (as recorded; refers to the Foreman analysis above)
Working PoC: 100%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foreman (3.12.0 through 3.16.0)
Auth required: yes
Prerequisites: authenticated admin access; Foreman REST API or GraphQL access
Analyzed by devstral-2 on Feb 27, 2026


Scores

CVSS v3.1 base score: 9.9 (Critical)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: Network
EPSS: 0.0095 (0.95%), percentile 76.9%

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Lab Environment

EIP Lab images (patched and vulnerable):
patched: docker pull ghcr.io/exploitintel/cve-2025-58159-patched:latest
vulnerable: docker pull ghcr.io/exploitintel/cve-2025-58159-vulnerable:latest

Details

CWE
CWE-434 (Unrestricted Upload of File with Dangerous Type), CWE-94 (Improper Control of Generation of Code)
Status published
Products (1)
wegia/wegia < 3.4.11
Published Aug 29, 2025
Tracked Since Feb 18, 2026