CVE-2025-61603
Published: 02 October 2025
Summary
CVE-2025-61603 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.4 (Critical).
Operationally, ranked at the 12.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-33217
Vulnerability details
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the…
more
confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.