CVE-2025-58159

CRITICAL LAB

Wegia < 3.4.11 - Code Injection

Title source: rule

Description

WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.

Exploits (1)

github WORKING POC

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-58159

View Code ZIP pw:eip

References (1)

[Exploit, Vendor Advisory] https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wj2c-237g-cgqp

Related Analysis

Zero to RCE

Five CVEs Case Study

Scores

CVSS v3 9.9

EPSS 0.0078

EPSS Percentile 73.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Lab Environment

EIP LAB

patched docker pull ghcr.io/exploitintel/cve-2025-58159-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2025-58159-vulnerable:latest

View in Library GitHub

COMMUNITY

docker pull mariadb:10.11

https://github.com/exploitintel/eip-pocs-and-cves

View in Library

Details

CWE

CWE-434 CWE-94

Status published

Products (1)

wegia/wegia < 3.4.11

Published Aug 29, 2025

Tracked Since Feb 18, 2026