CVE-2025-55169 is a critical security vulnerability identified in the open-source web management application WeGIA, developed by LabRedesCefetRJ. WeGIA is primarily targeted at Portuguese-speaking users and charitable institutions. The vulnerability exists in versions prior to 3.4.8 within the endpoint html/socio/sistema/download_remessa.php. Specifically, it is a path traversal vulnerability (CWE-22) combined with improper authentication (CWE-287), allowing an unauthenticated attacker to manipulate file path parameters to access arbitrary local files on the server. This includes sensitive files such as config.php, which contains database credentials and other critical configuration data. Exploiting this flaw requires no authentication or user interaction, and the attacker can remotely retrieve sensitive information, potentially leading to full system compromise. The vulnerability has been assigned a CVSS 4.0 base score of 10.0, indicating critical severity with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. The issue was patched in WeGIA version 3.4.8, which properly restricts file access and enforces authentication controls to prevent unauthorized file retrieval. No known exploits have been reported in the wild yet, but the severity and ease of exploitation make this a high-risk vulnerability for any organization using affected versions of WeGIA.

For European organizations, especially those using WeGIA to manage charitable or non-profit activities, this vulnerability poses a significant risk. Unauthorized access to config.php can expose database credentials, enabling attackers to access or manipulate backend databases, potentially leading to data breaches involving personal data, donor information, or financial records. The compromise of integrity and availability could disrupt organizational operations and damage trust. Since WeGIA focuses on Portuguese language users, organizations in Portugal and Portuguese-speaking communities in Europe are particularly at risk. The critical severity and remote exploitability mean attackers could target these organizations en masse, leading to widespread data exposure or ransomware attacks leveraging stolen credentials. Additionally, the improper authentication aspect could allow attackers to bypass any intended access controls, increasing the threat surface. The impact extends beyond data loss to regulatory compliance risks under GDPR, with potential fines and reputational damage.

European organizations using WeGIA should immediately upgrade to version 3.4.8 or later to apply the official patch that fixes the path traversal and authentication issues. Until the upgrade is performed, organizations should implement strict network-level access controls to restrict access to the vulnerable endpoint, such as IP whitelisting or VPN-only access. Web application firewalls (WAFs) should be configured to detect and block path traversal patterns targeting download_remessa.php. Additionally, organizations should audit their server logs for suspicious access attempts to this endpoint and monitor for unusual database activity that could indicate exploitation. It is also recommended to rotate database credentials stored in config.php after patching to mitigate any potential credential compromise. Regular security assessments and penetration testing focused on file inclusion and authentication controls should be conducted to prevent similar vulnerabilities. Finally, organizations should educate their IT teams about the risks of using outdated software and enforce timely patch management policies.