CVE-2025-26615
Published: 18 February 2025
Summary
CVE-2025-26615 is a critical-severity Path Traversal (CWE-22) vulnerability in Wegia Wegia. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates user-supplied inputs to the examples.php endpoint to block path traversal attempts accessing sensitive files like config.php.
Requires timely patching of the path traversal flaw fixed in WeGIA version 3.2.14 to eliminate unauthorized file access.
Enables vulnerability scanning to identify and remediate path traversal issues in web endpoints like examples.php before exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in public-facing WeGIA web app enables remote file read of config.php containing DB credentials, mapping to T1190 for initial access and T1552.001 for credential access.
NVD Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `examples.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive…
more
information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Deeper analysisAI
CVE-2025-26615 is a Path Traversal vulnerability (CWE-22, CWE-284) affecting WeGIA, an open-source web manager for institutions primarily targeting Portuguese-language users. The issue resides in the examples.php endpoint, which enables attackers to bypass access controls and read sensitive files, specifically config.php. This file stores database connection details, exposing credentials that could facilitate further unauthorized access.
The vulnerability carries a maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating it is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Exploitation allows retrieval of config.php contents, granting direct database access and potentially leading to confidentiality, integrity, and availability impacts across the scoped application.
The vulnerability has been addressed in WeGIA version 3.2.14, with all users urged to upgrade promptly. No workarounds are available. Additional details are provided in the GitHub Security Advisory at https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-p5wx-pv8j-f96h.
Details
- CWE(s)