
CVE-2025-58452: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA

Severity: Low
Published: Mon Sep 08 2025 (09/08/2025, 22:26:24 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the id_memorando parameter. Version 3.4.11 contains a patch.

AI-Powered Analysis

Last updated: 09/16/2025, 01:07:27 UTC

Technical Analysis

CVE-2025-58452 is a reflected Cross-Site Scripting (XSS) vulnerability in the WeGIA web management application developed by LabRedesCefetRJ, affecting versions prior to 3.4.11. It lies in the listar_despachos.php endpoint, where the id_memorando parameter is not properly sanitized before being written back into the response, so script supplied in that parameter is reflected to whoever loads the page. Reflected XSS arises when untrusted input is included in a web page without proper neutralization, letting an attacker run arbitrary JavaScript in the context of the victim's browser; the usual consequences are session hijacking, credential theft, or redirection to malicious sites. The flaw is classed as CWE-79 (improper neutralization of input during web page generation), a common web application weakness. It carries a CVSS 4.0 base score of 2.1 (low severity): the attack vector is network-based with low attack complexity and no privileges or authentication required, but user interaction is necessary, the scope is limited to the web application itself, and the direct impact on confidentiality, integrity, and availability is rated minimal or none. The issue is fixed in WeGIA version 3.4.11, and no exploits are currently reported in the wild.

Potential Impact

For European organizations using WeGIA to manage charitable institutions, this vulnerability could allow attackers to execute malicious scripts in the browsers of users who interact with the vulnerable endpoint, potentially leading to theft of session cookies, unauthorized actions on behalf of users, or phishing attacks. Although the CVSS score is low, the impact could be more significant if attackers leverage this vulnerability as part of a broader attack chain, especially targeting users with elevated privileges. Given that WeGIA is specialized software for charitable institutions, the affected organizations might include NGOs and non-profits across Europe. The direct impact on critical infrastructure or large enterprises is likely limited. However, exploitation could undermine trust in these organizations and lead to data exposure or fraud. Since no known exploits are reported, the immediate risk is low, but unpatched instances remain vulnerable to targeted attacks, especially in environments where users may be less security-aware.

Mitigation Recommendations

Organizations should promptly update WeGIA installations to version 3.4.11 or later, where the vulnerability has been patched. In addition to applying the vendor patch, administrators should implement web application firewall (WAF) rules to detect and block suspicious input patterns targeting the id_memorando parameter. User input validation and output encoding should be enforced at the application level to prevent injection of malicious scripts. Security awareness training for users can reduce the risk of successful exploitation by making users cautious about clicking on suspicious links. Regular security assessments and penetration testing of the WeGIA application should be conducted to identify any residual or new vulnerabilities. Monitoring web server logs for unusual requests to listar_despachos.php can help detect attempted exploitation. Finally, organizations should ensure that session management is robust, using HttpOnly and Secure flags on cookies to mitigate the impact of potential XSS attacks.
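As an added example (not from the advisory or the WeGIA project), the log-monitoring recommendation above implemented in Python over a few constructed web-server log lines: it isolates requests to listar_despachos.php, decodes id_memorando (twice, to surface double-encoded probes) and flags any value that is not a plain integer. The expectation that id_memorando is numeric is my assumption from the parameter name, and the sample addresses, paths and timestamps are made up.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: client ident user [time] "METHOD target HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Assumption (mine, from the parameter name): id_memorando should be a decimal integer.
INT_RE = re.compile(r'^\d+$')
# Markup or event-handler fragments that never belong in a numeric id.
MARKUP_RE = re.compile(r'<|>|javascript:|\bon[a-z]+\s*=', re.IGNORECASE)

def classify_request(line):
    """Return None unless the line hits listar_despachos.php with id_memorando; else a verdict dict."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group('target'))
    if url.path.rsplit('/', 1)[-1] != 'listar_despachos.php':
        return None
    values = parse_qs(url.query, keep_blank_values=True).get('id_memorando')
    if values is None:
        return None
    # parse_qs decodes once; decode again so double-encoded probes are seen in the clear.
    decoded = [unquote(v) for v in values]
    if all(INT_RE.match(v) for v in decoded):
        verdict = 'ok'
    elif any(MARKUP_RE.search(v) for v in decoded):
        verdict = 'markup'
    else:
        verdict = 'non_numeric'
    return {'client': m.group('client'), 'time': m.group('time'),
            'status': m.group('status'), 'values': decoded, 'verdict': verdict}

def scan(lines):
    """Keep only requests whose id_memorando is not a plain integer."""
    return [h for h in map(classify_request, lines) if h and h['verdict'] != 'ok']

# Constructed sample lines: addresses, paths and timestamps are made up, not from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Sep/2025:01:07:27 +0000] "GET /listar_despachos.php?id_memorando=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Sep/2025:01:08:01 +0000] "GET /listar_despachos.php?id_memorando=42%3Cscript%3E HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Sep/2025:01:08:05 +0000] "GET /listar_despachos.php?id_memorando=abc HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Sep/2025:01:08:09 +0000] "GET /listar_despachos.php?id_memorando=%2542%253Cb%253E HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
198.51.100.2 - - [16/Sep/2025:01:09:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"{hit['time']} {hit['client']} id_memorando={hit['values']} -> {hit['verdict']}")
```

Feed real access-log lines to scan() and alert on any 'markup' verdict; after upgrading to 3.4.11 the same hits still identify who probed the endpoint.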


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-01T20:03:06.533Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68bf5946d5a2966cfc83c8f2
Added to database: 9/8/2025, 10:31:34 PM
Last enriched: 9/16/2025, 1:07:27 AM
Last updated: 10/30/2025, 1:24:10 PM
