
CVE-2025-58453: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA

Severity: High
Tags: Vulnerability, CVE-2025-58453, CWE-89
Published: Mon Sep 08 2025 (09/08/2025, 22:28:40 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is a web manager for charitable institutions. A SQL injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibe_anexo.php, in the id_anexo parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, giving access to sensitive information. Version 3.4.11 contains a patch.

AI-Powered Analysis

Last updated: 09/08/2025, 22:46:36 UTC

Technical Analysis

CVE-2025-58453 is a high-severity SQL injection vulnerability (CWE-89) in WeGIA, a web manager for charitable institutions developed by LabRedesCefetRJ, affecting versions 3.4.10 and prior. The flaw is in the /WeGIA/html/memorando/exibe_anexo.php endpoint, which, judging by its name, displays an attachment (anexo) belonging to a memorandum: the id_anexo request parameter is placed into a SQL statement without being neutralized, so an attacker who controls its value can change the query's logic and run arbitrary SQL against the backend database. The vendor description states that exploitation requires an authorized (authenticated) attacker and yields access to sensitive information; it mentions no user interaction, and a single crafted HTTP request is enough, so attack complexity is low. The analysis summary reports a CVSS 4.0 base score of 8.9 with a network attack vector and high impact on confidentiality, integrity and availability. Because the description requires an authorized attacker, the flaw should be treated as post-authentication, and the privileges-required component should be checked against the published vector rather than assumed to be none. Effects beyond data disclosure, such as modifying or deleting records, depend on the privileges of the database account the application uses and on whether the database driver permits stacked queries, neither of which the advisory states. No exploits in the wild were reported at publication. Version 3.4.11 contains the patch and users should upgrade; exposure is greatest where the WeGIA interface is reachable from the internet or untrusted networks and where low-privileged accounts can reach the endpoint.
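To make the bug class concrete, the following is an added example written for this page; it is not WeGIA's code (WeGIA is a PHP application and its real schema, column names and query are not shown in the advisory). It models an "anexo" lookup in an in-memory SQLite table, shows how a concatenated id_anexo value lets an attacker return every row or read schema metadata through a UNION, and contrasts it with the allow-list check plus bound parameter that closes the hole. Table and column names are assumptions.

```python
import re
import sqlite3

# Constructed in-memory model of an attachment table. Schema, names and rows are
# assumptions for illustration, not WeGIA's actual database.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE anexo (id_anexo INTEGER PRIMARY KEY, nome TEXT, caminho TEXT)"
    )
    conn.executemany(
        "INSERT INTO anexo VALUES (?, ?, ?)",
        [
            (1, "memo1.pdf", "/uploads/memo1.pdf"),
            (2, "memo2.pdf", "/uploads/memo2.pdf"),
            (3, "memo3.pdf", "/uploads/memo3.pdf"),
        ],
    )
    return conn


def exibe_anexo_vulnerable(conn: sqlite3.Connection, id_anexo: str) -> list:
    # CWE-89 pattern: the request parameter is concatenated straight into the
    # statement, so its content becomes SQL syntax rather than a value.
    sql = f"SELECT id_anexo, nome, caminho FROM anexo WHERE id_anexo = {id_anexo}"
    return conn.execute(sql).fetchall()


def exibe_anexo_fixed(conn: sqlite3.Connection, id_anexo: str) -> list:
    # Two layers: reject anything that is not the expected integer, and bind the
    # value as a parameter so the database never parses it as SQL.
    if not re.fullmatch(r"[0-9]+", id_anexo):
        raise ValueError("id_anexo must be a positive integer")
    sql = "SELECT id_anexo, nome, caminho FROM anexo WHERE id_anexo = ?"
    return conn.execute(sql, (int(id_anexo),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Tautology: the WHERE clause is always true, every attachment is returned.
    print(exibe_anexo_vulnerable(db, "1 OR 1=1"))
    # UNION with matching column count reads schema metadata instead of attachments.
    print(exibe_anexo_vulnerable(db, "0 UNION SELECT 1, name, sql FROM sqlite_master"))
    print(exibe_anexo_fixed(db, "1"))
```

The UNION payload is what "access to sensitive information" typically looks like in practice: once the column count of the original SELECT is known, any table the database account can read is reachable through the same endpoint.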

Potential Impact

For European organizations running WeGIA, typically charitable institutions and NGOs, the direct consequence is disclosure of whatever the WeGIA database holds: beneficiary and donor records, internal memoranda and their attachments, and operational data. Disclosure of personal data of this kind is a breach under the GDPR, bringing notification duties and possible penalties in addition to the loss of trust. Depending on the privileges of the database account, an attacker may also be able to alter or delete records, disrupting the services the institution provides. Because the vulnerable endpoint is reachable by authorized users, a single compromised or malicious low-privilege account is enough, and data obtained through the flaw (credentials, internal documents) can support further access to other internal systems. The practical harm therefore extends beyond data loss to interruption of essential social services and to reputational, financial and legal consequences for the affected organization.

Mitigation Recommendations

European organizations should immediately verify their WeGIA version and upgrade to version 3.4.11 or later, which contains the patch. The fix belongs in the application (parameterized queries and validation of id_anexo as an integer), so organizations that do not maintain their own fork get it only by upgrading. If an immediate upgrade is not feasible, a web application firewall or reverse-proxy rule that rejects any request to exibe_anexo.php whose id_anexo parameter is not a plain integer is more reliable than generic SQL injection signatures, because the legitimate value space of the parameter is numeric. Restricting access to the WeGIA interface to trusted IP ranges or a VPN, and segmenting it from other internal systems, reduces exposure. Web server logs should be monitored for requests to the endpoint with non-numeric id_anexo values, and the database audit log (where enabled) for unexpected UNION or information_schema queries, since these give early detection of exploitation attempts. Regular security assessments and penetration testing focused on injection flaws, and an incident response plan that covers a database breach through this application, complete the measures.
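The following log check is an added example for this page, not a tool from WeGIA or from the advisory. It parses combined-format access log lines (the four lines are constructed, not real traffic), singles out requests to the vulnerable path, and flags any id_anexo value that is not a plain integer; the SQL keyword match is only enrichment, because the allow-list check is what catches payloads the signature list does not know. The log format and the decision to treat the parameter as integer-only are assumptions stated in the code.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

VULN_PATH = "/WeGIA/html/memorando/exibe_anexo.php"

# Constructed sample lines in Apache/nginx combined log format (not real WeGIA traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [08/Sep/2025:22:30:01 +0000] "GET /WeGIA/html/memorando/exibe_anexo.php?id_anexo=42 HTTP/1.1" 200 1834
10.0.0.9 - - [08/Sep/2025:22:30:07 +0000] "GET /WeGIA/html/memorando/exibe_anexo.php?id_anexo=42%20OR%201%3D1 HTTP/1.1" 200 91122
10.0.0.9 - - [08/Sep/2025:22:30:12 +0000] "GET /WeGIA/html/memorando/exibe_anexo.php?id_anexo=0%20UNION%20SELECT%201,user(),3--%20- HTTP/1.1" 200 2210
10.0.0.5 - - [08/Sep/2025:22:31:40 +0000] "GET /WeGIA/html/index.php HTTP/1.1" 200 5120
"""

# Client IP, timestamp, request line and status code of a combined-format entry
# (assumed format); trailing fields are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Secondary signal only: metacharacters and keywords common in injection payloads.
SQLI_HINT = re.compile(
    r"(--|/\*|#|'|\"|;|\bunion\b|\bselect\b|\bor\b|\band\b|\bsleep\b|\bbenchmark\b)",
    re.IGNORECASE,
)


def classify_request(line: str):
    """Return an alert dict for a suspicious exibe_anexo.php request, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m.group("target"))
    if url.path != VULN_PATH:
        return None
    # parse_qs percent-decodes once; decode again so a double-encoded payload is
    # still compared against the integer allow-list.
    for raw in parse_qs(url.query, keep_blank_values=True).get("id_anexo", []):
        value = unquote_plus(raw)
        if re.fullmatch(r"[0-9]+", value):
            continue
        return {
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "status": int(m.group("status")),
            "id_anexo": value,
            "sqli_markers": bool(SQLI_HINT.search(value)),
        }
    return None


def scan_log(text: str) -> list:
    """Scan a whole log and return the alerts in order of appearance."""
    return [a for a in (classify_request(l) for l in text.splitlines()) if a]


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

The same integer allow-list is what a WAF or reverse-proxy rule for this endpoint should enforce until the upgrade is applied; a large response size on a flagged request, as in the second sample line, is a useful secondary indicator that the injected query returned more than one attachment.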


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-09-01T20:03:06.533Z
Cvss Version
4.0
State
PUBLISHED


Added to database: 9/8/2025, 10:31:34 PM

Last enriched: 9/8/2025, 10:46:36 PM

Last updated: 9/10/2025, 4:07:21 AM
