CVE-2025-55167: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue has been patched in version 3.4.8.
AI Analysis
Technical Summary
CVE-2025-55167 is a critical SQL Injection vulnerability identified in the open-source web management software WeGIA, developed by LabRedesCefetRJ. WeGIA is tailored primarily for Portuguese-speaking charitable institutions, providing web-based management functionalities. The vulnerability exists in versions prior to 3.4.8, specifically in the /html/funcionario/dependente_remover.php endpoint within the id_dependente parameter. Improper neutralization of special elements in this parameter allows an attacker to inject arbitrary SQL commands. This can lead to unauthorized data access, modification, or deletion, severely compromising the confidentiality, integrity, and availability of the underlying database. The vulnerability requires no user interaction and can be exploited remotely over the network with low complexity, as indicated by the CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H. The vulnerability has been patched in version 3.4.8, but no known exploits are currently reported in the wild. Given the critical severity score of 9.4, exploitation could result in full database compromise, potentially exposing sensitive information or disrupting service availability for organizations relying on WeGIA for their operations.
Potential Impact
For European organizations, especially charitable institutions or NGOs operating in Portuguese-speaking communities or using WeGIA for management, this vulnerability poses a significant risk. Exploitation could lead to unauthorized disclosure of sensitive donor or beneficiary data, manipulation or deletion of records, and disruption of operational workflows. This could result in reputational damage, legal liabilities under GDPR due to data breaches, and operational downtime. Since WeGIA is open source and focused on a niche user base, the impact is concentrated but severe for affected entities. The ability to remotely exploit this vulnerability without authentication increases the threat level, potentially allowing attackers to compromise systems without insider access. Organizations may also face challenges in incident response if backups or logs are compromised or altered by attackers leveraging this vulnerability.
Mitigation Recommendations
European organizations using WeGIA should immediately upgrade to version 3.4.8 or later, where the vulnerability is patched. If upgrading is not immediately feasible, organizations should implement strict input validation and sanitization on the id_dependente parameter at the web application firewall (WAF) or reverse proxy level to block malicious SQL payloads. Employing parameterized queries or prepared statements in any custom code interfacing with the database can further reduce risk. Regularly audit and monitor database logs for unusual queries or access patterns indicative of exploitation attempts. Additionally, organizations should enforce the principle of least privilege on database accounts used by WeGIA, limiting permissions to only what is necessary. Conducting penetration testing focused on SQL injection vectors and ensuring timely application of security patches are critical. Finally, maintaining secure backups and an incident response plan tailored to data breaches will help mitigate potential damage.
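As an added illustration (not WeGIA's own code, and not the patched implementation), the pattern that produces CWE-89 on the id_dependente parameter is shown beside the hardened form the recommendations describe: type validation followed by a prepared statement with a bound parameter. Table and column names, function names, the `wegia_app` account and the connection details are assumptions; only the endpoint and parameter name come from the advisory.

```php
<?php
// Added illustration, not WeGIA's code. Table/column names, function names
// and connection details are assumptions; id_dependente comes from the advisory.

// BEFORE (the CWE-89 pattern): the request value is concatenated into the SQL
// text, so anything the client sends is interpreted as part of the statement.
function removeDependenteVulnerable(mysqli $db, array $request): bool
{
    $id  = $request['id_dependente'];                   // untrusted, unvalidated
    $sql = "DELETE FROM dependente WHERE id_dependente = '$id'";
    return $db->query($sql) !== false;
}

// AFTER (hardened): reject anything that is not a positive integer, then bind
// the value so the driver never treats it as SQL. The statement text is fixed.
function removeDependenteSafe(PDO $db, array $request): bool
{
    // 1. Input validation: an id is a positive integer and nothing else.
    //    Invalid input is rejected outright rather than "sanitized".
    $id = filter_var($request['id_dependente'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return false;
    }

    // 2. Prepared statement with a typed bound parameter.
    $stmt = $db->prepare('DELETE FROM dependente WHERE id_dependente = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // Exactly one row should be affected; anything else is worth logging.
    return $stmt->rowCount() === 1;
}

// Endpoint wiring. Emulated prepares are disabled so the server performs the
// binding, and errors throw so a failed query is never silently ignored.
// Least privilege: the assumed wegia_app account should hold only the DELETE
// (and SELECT) rights this endpoint needs, not DROP or FILE privileges.
$db = new PDO('mysql:host=localhost;dbname=wegia;charset=utf8mb4', 'wegia_app',
    getenv('WEGIA_DB_PASSWORD') ?: '', [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);

removeDependenteSafe($db, $_POST);
```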
Affected Countries
Portugal, Spain, France, Germany, United Kingdom, Italy, Belgium, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-07T18:27:23.307Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 689b703bad5a09ad003460cd
Added to database: 8/12/2025, 4:47:55 PM
Last enriched: 8/12/2025, 5:03:09 PM
Last updated: 8/22/2025, 11:17:57 AM