CVE-2025-53938

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated users to access protected application functionalities and retrieve sensitive information by sending crafted HTTP requests without any session cookies or authentication tokens. Version 3.4.5 fixes the issue.

Published: Jul 16, 2025
Updated: Jul 26, 2025
CVE: CVE-2025-53938
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
wegia / wegia	-	3.4.5

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6p76-7mm4-j5rj

Vulnerability Database

CVE-2025-53938

Deep Security Visibility Without the Complexity