CVE-2025-55171
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-14
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | up to 3.4.8 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in WeGIA versions prior to 3.4.8: the endpoint /html/personalizacao_remover.php does not check that the user is authenticated. As a result, an anonymous attacker who has not logged in can delete any image file by specifying the image ID (imagem_0) in a request to that endpoint.
How can this vulnerability impact me?
An attacker can delete image files without authentication, potentially causing denial of service or loss of important image data managed by the application.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the WeGIA application to version 3.4.8 or later, as this version includes a patch that enforces authentication checks on the /html/personalizacao_remover.php endpoint, preventing anonymous deletion of image files.