CVE-2025-61604

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger the action using the victims authenticated session. This issue is fixed in version 3.5.0.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
GitHub_MCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
wegiawegia
𝑥
< 3.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/LabRedesCefetRJ/WeGIA/commit/839de09798f61c9a76043bb2c4b3063d310c5aed
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-59hm-4m9h-ch3m
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-59hm-4m9h-ch3m