CVE-2025-26613

Published Feb 18, 2025

Last updated 4 days ago

CVSS critical 10.0

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-26613 is an operating system command injection vulnerability found in WeGIA, an open-source web management application primarily used by Portuguese-speaking institutions. The vulnerability exists in the `gerenciar_backup.php` endpoint and could allow remote attackers to execute arbitrary code on the affected system. WeGIA version 3.2.13 addresses this vulnerability.

Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, `gerenciar_backup.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
10
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-78

Social media

Hype score
Not currently trending

  1. 🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,

    @DarkWebInformer

    18 Feb 2025

    6763 Impressions

    16 Retweets

    53 Likes

    10 Bookmarks

    2 Replies

    1 Quote

  2. 🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,

    @DarkWebInformer

    18 Feb 2025

    417 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. [CVE-2025-26613: CRITICAL] Critical OS Command Injection vulnerability discovered in WeGIA web manager v3.2.13. Upgrade to v3.2.14 to patch the issue and secure your system from remote code execution attacks.#cybersecurity,#vulnerability https://t.co/ef8rEN3JWz https://t.co/yMWzD

    @CveFindCom

    18 Feb 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-26613 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA appl… https://t.co/hV2kpJgSul

    @CVEnew

    18 Feb 2025

    269 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References