WeGIA: Broken Access Control in `get_relatorios_socios.php` Endpoint_CVE-2025-61665

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N

Description

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the get_relatorios_socios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members without requiring authentication or authorization. This issue is fixed in version 3.5.0.

Basic Information

ID CVE-2025-61665

Source GitHub_M

Published Oct 2, 2025 at 20:39

Affected Product

Vendor LabRedesCefetRJ

Product WeGIA

Version < 3.5.0

Affected Versions LabRedesCefetRJ WeGIA < 3.5.0

CWE Classification

CWE-287 CWE-200

References

{
    "lastseen": "",
    "description": "WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the get_relatorios_socios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members without requiring authentication or authorization. This issue is fixed in version 3.5.0.",
    "published": "2025-10-02T20:39:09.658Z",
    "modified": "2025-10-02T20:39:09.658Z",
    "type": "cve",
    "title": "WeGIA: Broken Access Control in `get_relatorios_socios.php` Endpoint",
    "source": "GitHub_M",
    "references": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-62wp-6qmh-6p5f\nhttps://github.com/LabRedesCefetRJ/WeGIA/commit/828f23a6a760a52b8bb8bfd583cc2b23c42da51e",
    "id": "CVE-2025-61665",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287",
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "LabRedesCefetRJ WeGIA < 3.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WeGIA",
    "version": "< 3.5.0",
    "vendor": "LabRedesCefetRJ",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}