CVE-2025-61665

HIGH

WeGIA <3.4.12 - Info Disclosure

Title source: llm

Description

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability in the get_relatorios_socios.php endpoint. The vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members, with no authentication or authorization check applied. This issue is fixed in version 3.5.0.

Scores

CVSS v3: 7.5
EPSS: 0.0015
EPSS Percentile: 35.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE: CWE-287, CWE-200
Status: published

Affected Products (1)

wegia/wegia < 3.5.0

Timeline

Published: Oct 02, 2025
Tracked Since: Feb 18, 2026