Platform
php
Component
wegia
Fixed in
3.4.12
CVE-2025-58159 is a critical Remote Code Execution (RCE) vulnerability affecting WeGIA, a web manager for charitable institutions. This flaw arises from insufficient validation of uploaded files, enabling attackers to execute arbitrary code on the server. Versions of WeGIA prior to 3.4.11 are vulnerable, and a fix is available in version 3.4.11.
The impact of CVE-2025-58159 is severe. An attacker can upload a specially crafted file containing both spreadsheet data and PHP code. When WeGIA processes the file, the PHP code is executed on the server, granting the attacker complete control. This could lead to data breaches, system compromise and, potentially, the complete takeover of the charitable institution's web server. The vulnerability builds upon weaknesses previously identified in CVE-2025-22133, suggesting a pattern of insecure file handling within the application. The blast radius extends to any data stored or processed by the WeGIA application, including sensitive donor information and financial records.
CVE-2025-58159 was published on 2025-08-29. The vulnerability's EPSS score is likely to be assessed as high due to the critical CVSS score and the ease of exploitation. Public proof-of-concept (POC) code is anticipated to emerge quickly given the RCE nature and the relatively straightforward exploitation technique. While no active campaigns have been publicly reported as of this writing, the vulnerability's severity warrants immediate attention and proactive security measures.
Exploit Status
EPSS
0.65% (percentile 71%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-58159 is to immediately upgrade WeGIA to version 3.4.11 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. These include restricting file uploads to only explicitly allowed file types and implementing strict filename validation to prevent the upload of files with potentially executable extensions like .php. Web Application Firewalls (WAFs) can be configured to block requests containing suspicious file uploads. Monitor WeGIA logs for unusual file upload activity. After upgrading, confirm the vulnerability is resolved by attempting to upload a test file with a .php extension and verifying that the upload is rejected.
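The allowlist and strict filename validation described above, together with a check for the spreadsheet/PHP polyglot pattern the advisory mentions and the post-upgrade ".php upload is rejected" verification step, as an added example in Python. This is illustrative code written for this page, not WeGIA's own upload handler; the accepted extensions, the magic bytes and the sample files are constructed assumptions.

```python
import io
import re
import zipfile
from typing import Tuple

# Constructed allowlist for a spreadsheet import endpoint, keyed by extension,
# with the leading bytes each container must start with (CSV has none).
# Assumption: WeGIA's real allowlist is not given on the page.
ALLOWED_MAGIC = {
    "csv": b"",
    "xlsx": b"PK\x03\x04",       # OOXML workbook is a ZIP container
    "xls": b"\xd0\xcf\x11\xe0",  # legacy OLE2 compound file
}
# Exactly one dot and a whitelisted extension: 'report.php', 'report.php.csv'
# and anything with a path separator all fail this pattern.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.(csv|xlsx|xls)$")
# PHP open tags; '<?xml' does not match, so stored XML data is not flagged.
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=|\s)", re.IGNORECASE)


def validate_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Anything not clearly a spreadsheet is refused."""
    if not SAFE_NAME.fullmatch(filename):
        return False, "filename rejected"
    ext = filename.rsplit(".", 1)[1].lower()
    magic = ALLOWED_MAGIC[ext]
    if magic and not content.startswith(magic):
        return False, "content does not match extension"
    # A spreadsheet/PHP polyglot only runs if the interpreter sees a PHP open
    # tag in the raw bytes, so the raw bytes are what we scan, whatever the ext.
    if PHP_OPEN_TAG.search(content):
        return False, "embedded PHP open tag"
    if ext == "xlsx":
        try:
            with zipfile.ZipFile(io.BytesIO(content)) as zf:
                if "[Content_Types].xml" not in zf.namelist():
                    return False, "ZIP is not an OOXML workbook"
        except zipfile.BadZipFile:
            return False, "corrupt ZIP container"
    return True, "ok"


def sample_xlsx() -> bytes:
    """Constructed minimal OOXML-shaped ZIP used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<?xml version='1.0'?><Types/>")
    return buf.getvalue()


def post_upgrade_check() -> bool:
    """The verification step from the mitigation text: a .php upload is rejected."""
    accepted, _ = validate_upload("probe.php", b"<?php echo 'probe'; ?>")
    return not accepted
```

The raw-byte scan is what matters for the polyglot case; content inside a compressed ZIP member is not executable by the interpreter as-is, so it is not scanned here.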
Update WeGIA to version 3.4.11 or later. This version contains a fix for the arbitrary file upload vulnerability. Updating will prevent remote execution of malicious code on your server.
It is a critical Remote Code Execution (RCE) vulnerability in the WeGIA web manager, affecting versions prior to 3.4.11, that allows attackers to execute arbitrary code via malicious file uploads.
If you are using WeGIA version 3.4.11 or earlier, you are vulnerable. Check your current version and upgrade immediately.
Upgrade WeGIA to version 3.4.11 or later. As a temporary workaround, restrict file uploads and implement strict filename validation.
No active campaigns have been publicly reported yet, but the vulnerability's severity makes exploitation likely. Proactive mitigation is essential.
Refer to the official WeGIA security advisory and the National Vulnerability Database (NVD) entry for CVE-2025-58159 for detailed information.