Platform
php
Component
wegia
Fixed in
3.4.12
CVE-2025-58745 describes a Remote Code Execution (RCE) vulnerability within the WeGIA Web manager for charitable institutions. This flaw allows attackers to upload malicious PHP files disguised as Excel documents, ultimately enabling remote code execution on the server. The vulnerability affects versions of WeGIA up to and including 3.4.11, with a fix released in version 3.4.11.
The primary impact of CVE-2025-58745 is the potential for complete server compromise. An attacker can leverage this vulnerability to upload a PHP webshell, granting them arbitrary code execution capabilities. This can lead to unauthorized access to sensitive data, modification of system configurations, and even complete control over the affected server. The ability to execute arbitrary code opens the door to a wide range of malicious activities, including data exfiltration, denial-of-service attacks, and further exploitation of the network. The bypass of MIME type validation makes this vulnerability particularly concerning as it circumvents a common security control.
CVE-2025-58745 was publicly disclosed on September 8, 2025. The vulnerability's ease of exploitation, combined with the critical CVSS score, suggests a potential for active exploitation. No public proof-of-concept code has been observed as of the disclosure date, but the bypass technique is relatively straightforward, increasing the likelihood of exploitation. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.22% (44th percentile)
The primary mitigation for CVE-2025-58745 is to immediately upgrade WeGIA to version 3.4.11 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. These may include restricting file uploads to trusted sources, implementing stricter MIME type validation on the /html/socio/sistema/controller/controla_xlsx.php endpoint, and utilizing a Web Application Firewall (WAF) to detect and block malicious file uploads. Monitor access logs for suspicious file upload attempts and unusual PHP file executions. After upgrading, confirm the fix by attempting to upload a test PHP file disguised as an Excel document and verifying that the upload is blocked.
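The stricter validation suggested above, as an added illustration that is not WeGIA's own code or the project's fix: every decision is made from the uploaded file's content rather than the client-supplied MIME type, and the form field name 'planilha' and the destination directory are assumptions.

```php
<?php
// Added example (not WeGIA's own code): content-based validation for a
// spreadsheet upload, so the client-supplied MIME type is never trusted.
// Assumes PHP 8 and a hypothetical form field name 'planilha'.
// Returns null when $tmpPath looks like a real spreadsheet, otherwise a
// rejection reason. Every check reads the file itself, not $_FILES[...]['type'].
function validateSpreadsheetUpload(string $tmpPath, string $clientName): ?string
{
    // 1. Extension allow-list: only .xlsx/.xls, never .php/.phtml/.phar.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['xlsx', 'xls'], true)) {
        return "disallowed extension: $ext";
    }
    // 2. Magic bytes: .xlsx is a ZIP container (PK\x03\x04); .xls is an
    //    OLE2 compound document (D0 CF 11 E0 A1 B1 1A E1).
    $head   = (string) file_get_contents($tmpPath, false, null, 0, 8);
    $isZip  = str_starts_with($head, "PK\x03\x04");
    $isOle2 = str_starts_with($head, "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1");
    if (($ext === 'xlsx' && !$isZip) || ($ext === 'xls' && !$isOle2)) {
        return 'content does not match a spreadsheet container';
    }
    // 3. Server-side libmagic detection as a second opinion (tune the list to
    //    what your libmagic build reports for genuine files).
    $mime    = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $allowed = [
        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
        'application/vnd.ms-excel',
        'application/zip',
    ];
    if (!in_array($mime, $allowed, true)) {
        return "unexpected server-side MIME type: $mime";
    }
    // 4. Defence in depth: a spreadsheet never carries a PHP open tag.
    if (preg_match('/<\?(php|=)/i', (string) file_get_contents($tmpPath))) {
        return 'PHP open tag found in upload body';
    }
    return null;
}
// Controller usage: reject early, then store under a server-chosen random
// name in a directory outside the document root, so nothing uploaded can run.
$f = $_FILES['planilha'] ?? null;
if ($f !== null && $f['error'] === UPLOAD_ERR_OK) {
    if (($reason = validateSpreadsheetUpload($f['tmp_name'], $f['name'])) !== null) {
        http_response_code(400);
        exit('upload rejected: ' . $reason);
    }
    $dest = '/var/wegia-uploads/' . bin2hex(random_bytes(16)) . '.' . strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    move_uploaded_file($f['tmp_name'], $dest);
}
```

The libmagic results in step 3 vary between builds, so confirm the allow-list against real exports before enforcing it.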
Update WeGIA to version 3.4.11 or higher. This version contains a fix for the arbitrary file upload vulnerability that allows remote code execution. The update will prevent attackers from uploading webshells to the server.
CVE-2025-58745 is a critical Remote Code Execution vulnerability in WeGIA versions up to 3.4.11. It allows attackers to upload malicious PHP files disguised as Excel documents, leading to server compromise.
You are affected if you are using WeGIA version 3.4.11 or earlier. Upgrade to version 3.4.11 to mitigate the risk.
Upgrade WeGIA to version 3.4.11 or later. As a temporary workaround, restrict file uploads and implement stricter MIME type validation.
While no public exploits are currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation. Monitor your systems closely.
Refer to the WeGIA official website and security advisories for the latest information and updates regarding CVE-2025-58745.