Platform
php
Component
wegia
Fixed in
3.4.12
CVE-2025-58745 describes a Remote Code Execution (RCE) vulnerability within the WeGIA Web manager for charitable institutions. This flaw allows attackers to upload malicious PHP files disguised as Excel documents, ultimately enabling remote code execution on the server. The vulnerability affects versions of WeGIA up to and including 3.4.11, with a fix released in version 3.4.11.
The primary impact of CVE-2025-58745 is the potential for complete server compromise. An attacker can leverage this vulnerability to upload a PHP webshell, granting them arbitrary code execution capabilities. This can lead to unauthorized access to sensitive data, modification of system configurations, and even complete control over the affected server. The ability to execute arbitrary code opens the door to a wide range of malicious activities, including data exfiltration, denial-of-service attacks, and further exploitation of the network. The bypass of MIME type validation makes this vulnerability particularly concerning as it circumvents a common security control.
CVE-2025-58745 was publicly disclosed on September 8, 2025. The vulnerability's ease of exploitation, combined with the critical CVSS score, suggests a potential for active exploitation. No public proof-of-concept code has been observed as of the disclosure date, but the bypass technique is relatively straightforward, increasing the likelihood of exploitation. The vulnerability is not currently listed on the CISA KEV catalog.
Charitable institutions and organizations utilizing WeGIA Web Manager are at significant risk. Specifically, deployments with older versions (≤ 3.4.11) and those lacking robust file upload validation or WAF protection are particularly vulnerable. Shared hosting environments using WeGIA are also at increased risk due to the potential for cross-site contamination.
• linux / server:
find /var/www/html/socio/sistema/controller/ -name '*.php' -print0 | xargs -0 grep -i '<?php'
• generic web:
curl -I https://your-wegia-server.com/html/socio/sistema/controller/controla_xlsx.php | grep 'Content-Type:'
• generic web:
Review access logs for requests to /html/socio/sistema/controller/controla_xlsx.php with unusual or unexpected Content-Type headers.
EPSS
0.22% (44th percentile)
The primary mitigation for CVE-2025-58745 is to immediately upgrade WeGIA to version 3.4.11 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. These may include restricting file uploads to trusted sources, implementing stricter MIME type validation on the /html/socio/sistema/controller/controla_xlsx.php endpoint, and utilizing a Web Application Firewall (WAF) to detect and block malicious file uploads. Monitor access logs for suspicious file upload attempts and unusual PHP file executions. After upgrading, confirm the fix by attempting to upload a test PHP file disguised as an Excel document and verifying that the upload is blocked.
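The difference between the client-declared MIME check that the advisory describes as bypassable and a content-based check of the uploaded bytes, shown here as an added Python illustration (this is not WeGIA's own code, which is PHP; the function names, the minimal workbook layout and the sample inputs are constructed for this example):

```python
import io
import re
import zipfile

# MIME type for .xlsx as declared by a well-behaved client. The declared type
# travels in the multipart request and is under the uploader's control.
XLSX_MIME = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)

def weak_is_xlsx(filename: str, client_mime: str, data: bytes) -> bool:
    """Bypassable check: trusts the client-declared MIME type and never inspects the bytes."""
    return client_mime == XLSX_MIME

def strict_is_xlsx(filename: str, client_mime: str, data: bytes) -> bool:
    """Content-based check: the declared type is ignored; the bytes must be a real OOXML workbook."""
    if not filename.lower().endswith(".xlsx"):
        return False
    if not data.startswith(b"PK\x03\x04"):  # OOXML documents are ZIP containers
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            # A workbook always carries these two parts; a bare ZIP or a PHP file does not.
            if "[Content_Types].xml" not in names or "xl/workbook.xml" not in names:
                return False
            for name in names:
                # Refuse archives that smuggle server-side code as a member, by name or by content.
                if name.lower().endswith((".php", ".phtml", ".phar")):
                    return False
                if PHP_OPEN_TAG.search(zf.read(name)):
                    return False
    except zipfile.BadZipFile:
        return False
    return True

def build_zip(members: dict) -> bytes:
    """Constructed sample builder: packs the given members into an in-memory ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: a minimal workbook layout and a PHP file uploaded under the XLSX type.
MINIMAL_XLSX = {"[Content_Types].xml": "<Types/>", "xl/workbook.xml": "<workbook/>"}
DISGUISED_PHP = b"<?php echo 'not a spreadsheet'; ?>"

if __name__ == "__main__":
    for check in (weak_is_xlsx, strict_is_xlsx):
        print(check.__name__, "accepts disguised PHP:", check("report.xlsx", XLSX_MIME, DISGUISED_PHP))
```

The weak check accepts the disguised PHP file because the declared type matches, while the strict check rejects it on the first byte; the same strict check still accepts a minimal real workbook.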
Update WeGIA to version 3.4.11 or higher. This version contains a fix for the arbitrary file upload vulnerability that allows remote code execution. The update will prevent attackers from uploading webshells to the server.
CVE-2025-58745 is a critical Remote Code Execution vulnerability in WeGIA versions up to 3.4.11. It allows attackers to upload malicious PHP files disguised as Excel documents, leading to server compromise.
You are affected if you are using WeGIA version 3.4.11 or earlier. Upgrade to version 3.4.11 to mitigate the risk.
Upgrade WeGIA to version 3.4.11 or later. As a temporary workaround, restrict file uploads and implement stricter MIME type validation.
While no public exploits are currently known, the vulnerability's ease of exploitation suggests a potential for active exploitation. Monitor your systems closely.
Refer to the WeGIA official website and security advisories for the latest information and updates regarding CVE-2025-58745.