CVE-2025-58159: CWE-434: Unrestricted Upload of File with Dangerous Type in LabRedesCefetRJ WeGIA
WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.
AI Analysis
Technical Summary
CVE-2025-58159 is a critical remote code execution (RCE) vulnerability affecting versions of the WeGIA web management application prior to 3.4.11. WeGIA is a platform used by charitable institutions to manage their web presence and operations. The vulnerability arises from improper validation and sanitization of uploaded files, specifically allowing attackers to upload files with arbitrary filenames, including those with dangerous extensions such as .php. The application fails to restrict or sanitize file extensions adequately, enabling an attacker to upload a crafted file that appears to be a spreadsheet but contains embedded PHP code. When this file is saved to disk and subsequently executed by the web server, it leads to arbitrary code execution on the server. This vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and CWE-94 (Improper Control of Generation of Code), indicating both the unsafe file upload handling and the execution of malicious code. The issue is a direct consequence of insufficient mitigation of a prior vulnerability (CVE-2025-22133). The vulnerability has been assigned a CVSS v3.1 base score of 10.0, reflecting its critical severity with network attack vector, low attack complexity, requiring privileges but no user interaction, and impacting confidentiality, integrity, and availability with a scope change. Although no known exploits have been reported in the wild yet, the potential for exploitation is high due to the ease of uploading executable files and the direct impact on server control. The vulnerability was publicly disclosed on August 29, 2025, and fixed in WeGIA version 3.4.11. Organizations running affected versions should prioritize upgrading to the patched release to eliminate this critical risk.
Potential Impact
For European organizations, especially charitable institutions and NGOs using WeGIA, this vulnerability poses a severe threat. Successful exploitation allows attackers to execute arbitrary code on the web server, potentially leading to full system compromise. This can result in data breaches exposing sensitive donor and beneficiary information, disruption of organizational operations, defacement of websites, and use of compromised servers as pivot points for further attacks within the network. Given the critical nature of the vulnerability and the high CVSS score, the impact on confidentiality, integrity, and availability is substantial. Additionally, the compromise of charitable organizations can erode public trust and lead to regulatory penalties under GDPR if personal data is exposed. The lack of required user interaction and the network attack vector increase the likelihood of exploitation, making this a pressing concern for European entities relying on WeGIA for their web management.
Mitigation Recommendations
1. Immediate upgrade to WeGIA version 3.4.11 or later, where the vulnerability is patched, is the most effective mitigation.
2. Implement strict file upload validation controls: enforce whitelisting of allowed file types/extensions, reject files with executable extensions such as .php, and verify MIME types server-side.
3. Employ server-side sanitization of uploaded filenames to remove or neutralize dangerous characters and extensions.
4. Configure web server settings to prevent execution of uploaded files in directories used for file uploads, e.g., disable PHP execution in upload folders via .htaccess or equivalent.
5. Monitor web server logs for suspicious upload activity or execution attempts of unexpected file types.
6. Conduct regular security audits and penetration testing focusing on file upload functionalities.
7. Educate administrators and developers on secure coding practices related to file handling to prevent recurrence.
8. If immediate upgrade is not feasible, consider temporary mitigations such as restricting upload permissions to trusted users only and isolating the application environment.
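The Technical Summary above describes the failure (a client-chosen filename written straight to disk, so a spreadsheet with PHP appended lands as a .php file the server executes), and recommendations 2 to 4 describe the fix. The handler below is an added example, not WeGIA's own code, showing those three controls together in PHP: an extension allowlist, server-side content and MIME checks, and a server-generated filename. The form field name `planilha` and the `UPLOAD_DIR` path are assumptions for the example; WeGIA's real routes and directories are not given on this page.

```php
<?php
// Added example, not WeGIA's own code: a hardened handler for the kind of
// spreadsheet upload the advisory describes, applying the controls it calls
// for (extension allowlist, server-side content and MIME checks, and a
// server-generated filename). Assumed values: the form field "planilha" and
// UPLOAD_DIR, a directory outside the document root that the web server
// never executes scripts from.
declare(strict_types=1);

const UPLOAD_DIR = '/var/lib/wegia/uploads';   // assumed path, outside DocumentRoot
const MAX_BYTES  = 5 * 1024 * 1024;            // size limit chosen for this example

// Allowlist: extension => accepted leading byte signatures. An .xlsx is a ZIP
// container ("PK\x03\x04"); a legacy .xls is an OLE2 compound document.
const ALLOWED = [
    'xlsx' => ["PK\x03\x04"],
    'xls'  => ["\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"],
    'csv'  => [],   // no fixed signature; checked as printable text below
];
// MIME types libmagic reports for each allowed type (varies with its version).
const EXPECTED_MIME = [
    'xlsx' => ['application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
               'application/zip', 'application/octet-stream'],
    'xls'  => ['application/vnd.ms-excel', 'application/CDFV2', 'application/x-ole-storage'],
    'csv'  => ['text/csv', 'text/plain', 'application/csv'],
];

// Validate one $_FILES entry and return a safe, server-chosen filename;
// throws RuntimeException with the reason on any failure.
function validateSpreadsheetUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('not an upload, or too large');
    }
    // 1. The client-supplied name only selects an allowlist entry; it is never
    //    reused on disk. "shell.php" has extension "php" and is rejected here;
    //    "report.php.xlsx" yields "xlsx" and must then pass the content checks.
    $ext = strtolower(pathinfo(basename((string) $file['name']), PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException("extension '$ext' is not allowed");
    }
    // 2. The bytes must match what the extension claims.
    $raw = file_get_contents($file['tmp_name']);
    if ($raw === false) {
        throw new RuntimeException('cannot read upload');
    }
    if (ALLOWED[$ext] !== []) {
        $matched = false;
        foreach (ALLOWED[$ext] as $sig) {
            if (strncmp($raw, $sig, strlen($sig)) === 0) { $matched = true; break; }
        }
        if (!$matched) {
            throw new RuntimeException('content does not match extension');
        }
    } elseif (preg_match('/[^\x09\x0A\x0D\x20-\x7E\x80-\xFF]/', $raw)) {
        throw new RuntimeException('csv contains binary data');
    }
    // Heuristic for the "spreadsheet followed by PHP code" pattern: a literal
    // PHP open tag never belongs in a spreadsheet (xlsx content is deflated, so
    // it could only appear in appended data). The rename below and the
    // non-executing upload directory remain the primary controls.
    if (stripos($raw, '<?php') !== false) {
        throw new RuntimeException('embedded PHP open tag');
    }
    // 3. Server-side MIME sniffing as a second opinion on the bytes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, EXPECTED_MIME[$ext], true)) {
        throw new RuntimeException("unexpected MIME type '$mime'");
    }
    // 4. Server-generated name: random, carrying only the validated extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Validate, then move the file into the non-executable upload directory.
function storeSpreadsheetUpload(array $file): string
{
    $name = validateSpreadsheetUpload($file);
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // a data file, never executable
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['planilha'])) {
    try {
        echo 'stored as ' . storeSpreadsheetUpload($_FILES['planilha']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

The handler only works as intended together with recommendation 4: even if a check is bypassed, nothing in the upload directory may be executed. With mod_php that is an `.htaccess` in the upload directory containing `php_flag engine off` (or a `<FilesMatch "\.ph(p[0-9]?|tml|ar)$">` block with `Require all denied`); with php-fpm behind nginx it is a `location` for the upload path that has no `fastcgi_pass`. Storing files outside the document root and serving them through a download script that sends `Content-Disposition: attachment` removes the execution path entirely.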
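Recommendation 5 asks for log monitoring without saying what to look for. The script below is an added example, not part of the advisory or of WeGIA, that scans combined-format access log lines for the two signals this vulnerability class produces: any request for a script file under the upload directory (such a file should never exist there, and a 200 means the server served it), and an upload POST followed within minutes by such a request from the same client. `UPLOAD_PREFIX` and `UPLOAD_ENDPOINT` are assumed paths to be replaced with the real ones; the sample log lines are constructed for the example.

```php
<?php
// Added example, not WeGIA's own code: scan combined-format web server access
// log lines (Apache/nginx) for the signals that matter for this vulnerability
// class: a request that would execute a script inside the upload directory,
// and an upload (POST) followed shortly by such a request from the same client.
// UPLOAD_PREFIX and UPLOAD_ENDPOINT are assumed paths, not WeGIA's real routes.
declare(strict_types=1);

const UPLOAD_PREFIX   = '/uploads/';           // assumed: URL path the upload directory is served from
const UPLOAD_ENDPOINT = '/upload_spreadsheet'; // assumed: the POST handler that writes files
const SCRIPT_EXTS  = ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'phps'];
const ALLOWED_EXTS = ['xlsx', 'xls', 'csv'];
const WINDOW_SECONDS = 600;   // how long after an upload a script request counts as correlated

// Parse one combined-format line into its fields; null if it does not match.
function parseLogLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $ts = DateTimeImmutable::createFromFormat('d/M/Y:H:i:s O', $m[2]);
    if ($ts === false) {
        return null;
    }
    $path = parse_url($m[4], PHP_URL_PATH);   // drop any query string
    return [
        'ip'     => $m[1],
        'time'   => $ts->getTimestamp(),
        'method' => strtoupper($m[3]),
        'path'   => is_string($path) ? $path : $m[4],
        'status' => (int) $m[5],
    ];
}

// Return one alert (associative array) per suspicious request.
function scanAccessLog(iterable $lines): array
{
    $alerts = [];
    $lastUpload = [];   // ip => time of that client's most recent upload POST
    foreach ($lines as $line) {
        $r = parseLogLine($line);
        if ($r === null) {
            continue;
        }
        if ($r['method'] === 'POST' && $r['path'] === UPLOAD_ENDPOINT) {
            $lastUpload[$r['ip']] = $r['time'];
            continue;
        }
        if (strncmp($r['path'], UPLOAD_PREFIX, strlen(UPLOAD_PREFIX)) !== 0) {
            continue;   // only the upload directory is of interest here
        }
        $ext = strtolower(pathinfo($r['path'], PATHINFO_EXTENSION));
        if (in_array($ext, SCRIPT_EXTS, true)) {
            // A script name under the upload path should never exist; a 200
            // means the server actually served (and likely executed) it.
            $correlated = isset($lastUpload[$r['ip']])
                && $r['time'] - $lastUpload[$r['ip']] <= WINDOW_SECONDS;
            $alerts[] = [
                'severity' => $r['status'] === 200 ? 'critical' : 'high',
                'reason'   => $correlated ? 'upload followed by script request' : 'script request in upload dir',
                'ip' => $r['ip'], 'path' => $r['path'], 'status' => $r['status'],
            ];
        } elseif (!in_array($ext, ALLOWED_EXTS, true)) {
            $alerts[] = [
                'severity' => 'medium',
                'reason'   => 'unexpected file type under upload dir',
                'ip' => $r['ip'], 'path' => $r['path'], 'status' => $r['status'],
            ];
        }
    }
    return $alerts;
}

// Constructed sample lines (not real traffic): a normal spreadsheet download,
// then an upload followed within seconds by a request for a .php file in the
// upload directory, then a request for a file type the application never stores.
$sample = [
    '203.0.113.7 - - [29/Aug/2025:14:00:01 +0000] "GET /uploads/relatorio.xlsx?v=2 HTTP/1.1" 200 51234',
    '198.51.100.9 - - [29/Aug/2025:14:02:11 +0000] "POST /upload_spreadsheet HTTP/1.1" 302 0',
    '198.51.100.9 - - [29/Aug/2025:14:02:15 +0000] "GET /uploads/planilha.php HTTP/1.1" 200 87',
    '198.51.100.9 - - [29/Aug/2025:14:03:40 +0000] "GET /uploads/notes.txt HTTP/1.1" 404 0',
];
foreach (scanAccessLog($sample) as $a) {
    printf("[%s] %s: %s %s (HTTP %d)\n", $a['severity'], $a['reason'], $a['ip'], $a['path'], $a['status']);
}
```

Run it against a real log with `php scan.php < access.log` after replacing the `$sample` array with lines read from stdin. Requests for script files that return 403 or 404 are worth keeping as high-severity signals too: they show someone probing whether the upload directory executes, which is exactly what a deployment that applied recommendation 4 wants to know about.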
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-27T13:34:56.186Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68b22a90ad5a09ad007bf759
Added to database: 8/29/2025, 10:32:48 PM
Last enriched: 9/7/2025, 12:33:29 AM
Last updated: 10/14/2025, 11:44:08 PM