CVE-2025-53938
BaseFortify
Publication date: 2025-07-16
Last updated on: 2025-07-25
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | up to 3.4.5 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Bypass in the WeGIA web manager application prior to version 3.4.5. It occurs in the /dao/verificar_recursos_cargo.php endpoint, allowing unauthenticated users to access protected functionalities and retrieve sensitive information by sending specially crafted HTTP requests without needing session cookies or authentication tokens.
How can this vulnerability impact me?
The vulnerability can impact you by allowing unauthorized users to bypass authentication controls and access sensitive information or protected features within the WeGIA application. This could lead to data exposure or unauthorized actions within the system.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the WeGIA application to version 3.4.5 or later, as this version fixes the authentication bypass vulnerability in the /dao/verificar_recursos_cargo.php endpoint.