
CVE-2025-53937: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA

Critical
Tags: Vulnerability, CVE-2025-53937, cve, cwe-89
Published: Wed Jul 16 2025 (07/16/2025, 16:03:15 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the `/controle/control.php` endpoint, specifically in the `cargo` parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.4.5 fixes the issue.

AI-Powered Analysis

Last updated: 07/16/2025, 16:31:16 UTC

Technical Analysis

CVE-2025-53937 is a critical SQL Injection vulnerability in WeGIA, the open-source web management application developed by LabRedesCefetRJ for Portuguese-speaking charitable institutions. The flaw is in the `/controle/control.php` endpoint, in the handling of the `cargo` parameter. Before version 3.4.5, the value of this parameter reaches a SQL statement without the special characters of the SQL grammar (quotes, comment sequences, statement keywords) being neutralized, so an attacker can close the intended string literal and append SQL of their own choosing (CWE-89). Depending on how the affected query is built, that allows reading rows the query was never meant to return, altering or deleting records, and in the worst case compromising the confidentiality, integrity and availability of the whole database. The CVSS 4.0 vector (AV:N/AC:L/AT:N/UI:N/PR:L) states that the flaw is reachable over the network, needs no user interaction and has no attack-complexity hurdles, but it does require low privileges, that is, a low-privileged authenticated account rather than an anonymous request. The score of 9.4 (critical) reflects the combination of that low bar and the full database impact. No exploitation in the wild had been reported at the time of writing, but SQL injection in a parameter of a named endpoint is trivial to weaponize once the advisory is public. Version 3.4.5 fixes the issue by neutralizing the `cargo` parameter before it is used in the query.
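The mechanism described above, reduced to a runnable illustration. This is an added example and not WeGIA's code: the table names, columns and the query shape are invented for the demonstration, and SQLite stands in for whatever database WeGIA uses. The only thing it shares with the advisory is the pattern: a request parameter named `cargo` pasted into SQL text versus the same value passed as a bound parameter.

```python
import sqlite3

# Constructed schema and rows for the demo; WeGIA's real tables are not known here.
# 'cargo' is Portuguese for a job position/role, so a lookup table by that name is plausible but hypothetical.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE cargo (id INTEGER PRIMARY KEY, descricao TEXT);
        CREATE TABLE usuario (id INTEGER PRIMARY KEY, login TEXT, senha_hash TEXT);
        INSERT INTO cargo (descricao) VALUES ('Voluntario'), ('Coordenador'), ('Tesoureiro');
        INSERT INTO usuario (login, senha_hash) VALUES ('admin', 'hash-admin'), ('maria', 'hash-maria');
    """)
    return conn


def lookup_cargo_unsafe(conn, cargo):
    # Hypothetical vulnerable pattern (CWE-89): the attacker-controlled parameter becomes SQL syntax.
    sql = f"SELECT id, descricao FROM cargo WHERE descricao = '{cargo}'"
    return conn.execute(sql).fetchall()


def lookup_cargo_safe(conn, cargo):
    # Hardened form: the value is bound as a parameter, so quotes and keywords inside it stay data.
    sql = "SELECT id, descricao FROM cargo WHERE descricao = ?"
    return conn.execute(sql, (cargo,)).fetchall()


# Two classic payloads: a tautology that returns every row, and a UNION that pulls rows from another table.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT id, login || ':' || senha_hash FROM usuario --"


def demo():
    conn = build_db()
    return {
        "benign_unsafe": lookup_cargo_unsafe(conn, "Voluntario"),
        "benign_safe": lookup_cargo_safe(conn, "Voluntario"),
        "tautology_unsafe": lookup_cargo_unsafe(conn, TAUTOLOGY),   # every cargo row
        "tautology_safe": lookup_cargo_safe(conn, TAUTOLOGY),       # no row has that literal name
        "union_unsafe": sorted(lookup_cargo_unsafe(conn, UNION_DUMP)),  # usuario rows leak out
        "union_safe": lookup_cargo_safe(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Note that `executescript` is used only to seed the database; the lookup functions use `execute`, which in Python's `sqlite3` refuses stacked statements, so a `'; DROP TABLE ...` payload would raise rather than run here. That is a property of this driver, not a general defence, and other drivers and databases do execute stacked statements.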

Potential Impact

For European organizations, especially charitable institutions or NGOs that run WeGIA, this vulnerability poses a severe risk. Exploitation could lead to unauthorized disclosure of sensitive donor or beneficiary data, manipulation or deletion of critical records, and disruption of service availability. Such breaches could result in reputational damage, legal liability under GDPR for the confidentiality violation, and operational downtime. Given WeGIA's focus on the Portuguese language and the charitable sector, organizations in Portugal and other Portuguese-speaking communities in Europe are the most likely to be affected. Because exploitation needs only a low-privileged account and no user interaction, any user who can log in (a volunteer account, for example) is a potential attacker, and an instance exposed to the internet with self-registration or weak credentials is open to automated attacks against the database.

Mitigation Recommendations

European organizations using WeGIA should upgrade to version 3.4.5 or later without delay; that is the only complete remediation. If upgrading is not immediately feasible, filter the `cargo` parameter of `/controle/control.php` at a web application firewall (WAF) or reverse proxy to block requests carrying SQL metacharacters and keywords, keeping in mind that signature filtering is a stopgap that determined attackers routinely bypass. Independently of the patch, run the application with a database account that holds only the privileges it needs (no DROP, no access to tables it does not use, no file or administrative rights), so that an injection yields as little as possible. Review the web server and database logs for requests to the vulnerable endpoint whose `cargo` value contains quotes, comment sequences or UNION/SELECT, and alert on them going forward. Regular security audits and penetration testing focused on injection flaws are recommended, and backups should be current and restore-tested so that altered or deleted records can be recovered.
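The log review suggested above, as an added example that is not part of the original advisory: a small scanner that reads web server access log lines, isolates requests to `/controle/control.php`, decodes the `cargo` query parameter and flags values that look like injection attempts. The log lines are constructed for the example, the detection rules are generic SQL injection heuristics rather than anything WeGIA-specific, and it only sees query strings: if the endpoint is called with `cargo` in a POST body, the access log will not contain the value and this check must run in the WAF or application instead.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined format; not taken from any real deployment.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jul/2025:16:10:01 +0000] "GET /controle/control.php?cargo=Voluntario HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Jul/2025:16:10:05 +0000] "GET /controle/control.php?cargo=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.2 - - [16/Jul/2025:16:11:40 +0000] "GET /controle/control.php?cargo=%27+UNION+SELECT+1%2Cpassword+FROM+users--+ HTTP/1.1" 200 4096 "-" "sqlmap/1.8"
198.51.100.9 - - [16/Jul/2025:16:12:02 +0000] "GET /index.php?cargo=%27%20OR%201%3D1 HTTP/1.1" 200 300 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Heuristic rules applied to the decoded parameter value. Order matters only for reporting.
SQLI_RULES = {
    "quote_boolean": re.compile(r"'\s*(or|and)\b", re.I),   # ' OR '1'='1
    "union_select": re.compile(r"\bunion\b.+\bselect\b", re.I),
    "comment": re.compile(r"(--|/\*)"),                      # trailing comment to discard the rest of the query
    "stacked_dml": re.compile(r";\s*(drop|delete|insert|update|alter)\b", re.I),
}

TARGET_PATH = "/controle/control.php"
PARAM = "cargo"


def suspicious_cargo(value):
    """Return the names of the rules a decoded cargo value trips (empty list if it looks benign)."""
    return [name for name, rx in SQLI_RULES.items() if rx.search(value)]


def scan_log(text):
    """Yield one record per request to the vulnerable endpoint whose cargo parameter matches a rule."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; skip rather than guess
        url = urlsplit(m["target"])
        if url.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes and turns '+' into spaces, so rules see the value the application saw
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            rules = suspicious_cargo(value)
            if rules:
                hits.append({"ip": m["ip"], "ts": m["ts"], "ua": m["ua"], "cargo": value, "rules": rules})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['ua']!r} cargo={hit['cargo']!r} rules={hit['rules']}")
```

The fourth sample line is deliberately ignored: it carries an injection-looking value but targets a different path, and the point of a post-advisory hunt is precision on the endpoint the advisory names. Widening `TARGET_PATH` to every script is a reasonable follow-up once the known endpoint has been reviewed.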


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-07-14T17:23:35.261Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6877d04ca83201eaacdc5a97

Added to database: 7/16/2025, 4:16:12 PM

Last enriched: 7/16/2025, 4:31:16 PM

Last updated: 7/20/2025, 10:51:55 PM
