CVE-2025-26613
Published: 18 February 2025
Summary
CVE-2025-26613 is a critical-severity OS Command Injection (CWE-78) vulnerability in Wegia Wegia. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents OS command injection in gerenciar_backup.php by validating and rejecting malicious inputs before they reach system command execution.
Remediates the specific OS command injection vulnerability by requiring timely upgrades to the patched WeGIA version 3.2.14.
Mitigates unauthenticated remote exploitation by inspecting and blocking command injection attempts at the web application boundary.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in public-facing web app directly enables T1190 (Exploit Public-Facing Application) for initial remote access and T1059 (Command and Scripting Interpreter) for arbitrary OS command execution.
NVD Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, `gerenciar_backup.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely.…
more
This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Deeper analysisAI
CVE-2025-26613 is an OS Command Injection vulnerability (CWE-78, CWE-284) in the WeGIA open-source Web Manager for Institutions, which primarily serves Portuguese language users. The flaw resides in the gerenciar_backup.php endpoint and enables remote execution of arbitrary operating system commands. Published on 2025-02-18 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it affects WeGIA versions prior to the patched release.
The vulnerability is exploitable by unauthenticated attackers over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary code execution on the underlying server, potentially leading to complete compromise of confidentiality, integrity, and availability, such as data theft, modification, or denial of service.
The GitHub security advisory confirms the issue has been addressed in WeGIA version 3.2.14, urging all users to upgrade immediately. No workarounds are available. For full details, refer to https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g3w6-m6w8-p6r2.
Details
- CWE(s)