CVE-2025-55169
Published: 2025-08-12


Priority: P345
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.45% (70.0th percentile)
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.

Affected (2 ranges)

Vendor            Product   Version range   Fixed in
labredescefetrj   wegia     < 3.4.8         3.4.8
wegia             wegia     < 3.4.8         3.4.8

Detection & IOCs (extracted from sources)

Path: /html/socio/sistema/download_remessa.php
URL: /html/socio/sistema/download_remessa.php?file=../../../www/html/wegia/config.php
  • HTTP response body contains the string 'DB_PASSWORD' when the path traversal payload successfully retrieves config.php
  • Successful exploitation returns Content-Type: application/octet-stream with HTTP 200 status from the download_remessa.php endpoint
  • Monitor GET requests to download_remessa.php with a 'file' parameter containing path traversal sequences (e.g., '../') targeting config.php or other sensitive files
  • WeGIA instances can be identified via FOFA using the title fingerprint 'WeGIA'
  • The traversal payload depth (../../../) targets the specific deployment path /www/html/wegia/config.php; the actual depth may vary depending on the server installation layout

CVSS provenance

NVD, CVSS v3.1: 6.5 MEDIUM
  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
NVD, CVSS v4.0: 10.0 CRITICAL
  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X