
CVE-2025-54061: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA

Severity: Critical
Published: Thu Jul 17 2025 (07/17/2025, 14:30:21 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarDoc.php` endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.4.6 fixes the issue.

AI-Powered Analysis

AI analysis last updated: 07/17/2025, 15:01:14 UTC

Technical Analysis

CVE-2025-54061 is a critical SQL Injection vulnerability affecting the open-source web management software WeGIA, developed by LabRedesCefetRJ. WeGIA is primarily targeted at Portuguese-speaking charitable institutions, providing web-based management tools. The vulnerability exists in versions prior to 3.4.6 and is located in the 'idatendido_familiares' parameter of the '/html/funcionario/dependente_editarDoc.php' endpoint. This parameter is not properly sanitized before it reaches the database query, so an attacker can inject SQL syntax through it. Exploiting this flaw enables attackers to manipulate backend SQL queries, potentially extracting sensitive database information such as table names and confidential data stored within the system. The vulnerability is classified under CWE-89, improper neutralization of special elements used in SQL commands. The CVSS 4.0 base score of 9.4 reflects its critical severity, with an attack vector of network (AV:N), low attack complexity (AC:L), low privileges required (PR:L), and no user interaction (UI:N). The vulnerability impacts confidentiality, integrity, and availability at a high level, with scope and security requirements also rated high. Although no known exploits are currently reported in the wild, the ease of exploitation and critical impact make it a significant threat. Version 3.4.6 of WeGIA fixes this vulnerability, and users are strongly advised to upgrade to this or a later version to mitigate the risk.

Potential Impact

For European organizations, especially those operating charitable or non-profit institutions using WeGIA, this vulnerability poses a severe risk. Successful exploitation could lead to unauthorized disclosure of sensitive personal and organizational data, including donor information, beneficiary details, and internal records. This could result in privacy violations under GDPR, reputational damage, and potential legal liabilities. Furthermore, attackers could manipulate or corrupt database contents, impacting data integrity and operational continuity. Given the criticality and network accessibility of the vulnerability, attackers could remotely compromise systems with only low-privileged access and no user interaction, increasing the risk of widespread exploitation. The impact extends beyond data theft to potential service disruption, undermining trust in affected organizations. European entities relying on WeGIA must prioritize remediation to prevent data breaches and maintain compliance with data protection regulations.

Mitigation Recommendations

Organizations should immediately upgrade WeGIA installations to version 3.4.6 or later, where the vulnerability is patched. Until the upgrade is applied, implement web application firewall (WAF) rules specifically designed to detect and block SQL injection attempts targeting the 'idatendido_familiares' parameter and the affected endpoint. Conduct thorough input validation and sanitization on all user-supplied data, employing parameterized queries or prepared statements if custom development is involved. Regularly audit and monitor database logs for suspicious query patterns indicative of injection attempts. Employ network segmentation to limit access to the WeGIA management interface to trusted internal networks or VPN users. Additionally, perform security awareness training for administrators managing WeGIA to recognize and respond to potential exploitation signs. Finally, maintain up-to-date backups of critical data to enable recovery in case of data integrity compromise.
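Added illustration of the two code-level recommendations above; it is not WeGIA's code (WeGIA is PHP; Python with sqlite3 is used so it runs stand-alone), and the table, column names and log lines are constructed assumptions. It shows a string-built query for the `idatendido_familiares` id beside a validated, parameterized one, and a log check that flags non-numeric values sent to the affected endpoint.

```python
import re
import sqlite3
from urllib.parse import parse_qs

ENDPOINT = "/html/funcionario/dependente_editarDoc.php"
PARAM = "idatendido_familiares"
# Constructed sample rows; table and column names are assumptions, not WeGIA's schema.
SAMPLE_ROWS = [(1, 10, "Ana"), (2, 10, "Bruno"), (3, 11, "Carla")]
# Constructed access-log lines (combined log format) for the affected endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Jul/2025:14:30:21 +0000] "GET /html/funcionario/dependente_editarDoc.php?idatendido_familiares=10 HTTP/1.1" 200 512',
    '10.0.0.9 - - [17/Jul/2025:14:31:02 +0000] "GET /html/funcionario/dependente_editarDoc.php?idatendido_familiares=10%20OR%201%3D1 HTTP/1.1" 200 4096',
    '10.0.0.9 - - [17/Jul/2025:14:31:40 +0000] "GET /html/index.php?idatendido_familiares=x HTTP/1.1" 200 100',
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE familiares (id INTEGER, idatendido INTEGER, nome TEXT)")
    conn.executemany("INSERT INTO familiares VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def validate_id(raw):
    """The parameter is a record id: accept only a plain positive integer, else None."""
    if not re.fullmatch(r"[1-9][0-9]*", raw or ""):
        return None
    return int(raw)

def query_vulnerable(conn, raw):
    """String-built query: the raw parameter value becomes part of the SQL text."""
    sql = "SELECT nome FROM familiares WHERE idatendido = " + raw + " ORDER BY id"
    return [r[0] for r in conn.execute(sql)]

def query_hardened(conn, raw):
    """Validate, then bind the value as a parameter so it cannot alter the query."""
    idatendido = validate_id(raw)
    if idatendido is None:
        return []  # reject the request instead of querying
    rows = conn.execute("SELECT nome FROM familiares WHERE idatendido = ? ORDER BY id", (idatendido,))
    return [r[0] for r in rows]

def flag_requests(log_lines):
    """Log review: values of PARAM sent to ENDPOINT that are not a plain record id."""
    flagged = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) ' + re.escape(ENDPOINT) + r'\?(\S*)', line)
        if not m:
            continue
        for value in parse_qs(m.group(1)).get(PARAM, []):
            if validate_id(value) is None:
                flagged.append(value)
    return flagged
```

The string-built query returns every row for a malformed value, while the hardened one rejects it before any query runs; the same validator drives the log check, which ignores requests to other paths.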


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-16T13:22:18.204Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68790cb4a83201eaace66baa

Added to database: 7/17/2025, 2:46:12 PM

Last enriched: 7/17/2025, 3:01:14 PM

Last updated: 7/18/2025, 5:12:46 AM

