
CVE-2025-58454: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA

High
Tags: Vulnerability, CVE-2025-58454, CWE-89
Published: Mon Sep 08 2025 (09/08/2025, 22:35:04 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, giving access to sensitive information. Version 3.4.11 contains a patch.

AI-Powered Analysis

AI analysis last updated: 09/08/2025, 23:01:22 UTC

Technical Analysis

CVE-2025-58454 is a high-severity SQL Injection vulnerability (CWE-89) identified in the WeGIA web management system, developed by LabRedesCefetRJ and used primarily by charitable institutions. The vulnerability exists in versions prior to 3.4.11, specifically in the endpoint /WeGIA/html/memorando/listar_despachos.php within the id_memorando parameter. This parameter is improperly sanitized, allowing an attacker to inject malicious SQL commands. Exploitation of this flaw enables an unauthorized actor to execute arbitrary SQL queries on the backend database without requiring authentication or user interaction. This can lead to unauthorized access to sensitive data, including potentially confidential information managed by the charitable institutions using WeGIA. The vulnerability has a CVSS 4.0 base score of 8.9, indicating a high impact with a network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the ease of exploitation and the critical nature of the flaw make it a significant threat. The vendor has released version 3.4.11, which patches this vulnerability by properly neutralizing special SQL elements in the affected parameter, preventing injection attacks.

Potential Impact

For European organizations using WeGIA, particularly charitable institutions managing sensitive donor and operational data, this vulnerability poses a serious risk. Successful exploitation could lead to unauthorized disclosure of personal and financial information, data manipulation, or deletion, severely impacting data confidentiality, integrity, and availability. This could result in reputational damage, regulatory penalties under GDPR for data breaches, and operational disruptions. Since the vulnerability does not require authentication or user interaction, attackers can remotely exploit it over the network, increasing the risk of widespread compromise. The impact is especially critical for organizations that rely on WeGIA for managing sensitive communications and records, as attackers could extract or alter memoranda and dispatch data, undermining trust and operational security.

Mitigation Recommendations

European organizations should immediately upgrade WeGIA to version 3.4.11 or later to apply the official patch that addresses the SQL Injection vulnerability. In addition, organizations should conduct thorough code reviews and penetration testing on all web application inputs to ensure proper input validation and parameterized queries are enforced. Implementing Web Application Firewalls (WAFs) with specific rules to detect and block SQL Injection attempts targeting the id_memorando parameter can provide an additional layer of defense during patch deployment. Regular database activity monitoring and anomaly detection should be established to identify suspicious query patterns indicative of exploitation attempts. Organizations should also review and restrict database user privileges to the minimum necessary to limit the impact of any potential injection. Finally, maintaining an incident response plan tailored to web application attacks will help in rapid containment and remediation if exploitation occurs.
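The monitoring and WAF-rule recommendations above can be approximated with a small log check. The following is an added example, not code from the advisory or from the WeGIA project: it scans constructed Apache-style access log lines for requests to the affected endpoint whose id_memorando value is not a plain positive integer (the assumption that the parameter is an integer record id is ours, not stated on the page), decoding percent-encoding first so an encoded quote is not missed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter named in the advisory.
VULN_PATH = "/WeGIA/html/memorando/listar_despachos.php"
VULN_PARAM = "id_memorando"

# Apache/nginx combined log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumption: id_memorando should be a positive integer record id.
INT_RE = re.compile(r"^[1-9][0-9]*$")


def suspicious_values(target: str) -> list:
    """Return every id_memorando value in `target` that is not a plain positive integer."""
    url = urlsplit(target)
    if unquote(url.path) != VULN_PATH:
        return []
    # parse_qs percent-decodes values; keep_blank_values so an empty id_memorando= is inspected
    qs = parse_qs(url.query, keep_blank_values=True)
    return [v for v in qs.get(VULN_PARAM, []) if not INT_RE.match(v)]


def scan_access_log(lines) -> list:
    """Return (client_ip, timestamp, decoded_value) for each request whose id_memorando looks tampered."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than crash
        for v in suspicious_values(m["target"]):
            hits.append((m["ip"], m["ts"], v))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Sep/2025:22:40:01 +0000] "GET /WeGIA/html/memorando/listar_despachos.php?id_memorando=42 HTTP/1.1" 200 1234',
    '203.0.113.5 - - [08/Sep/2025:22:40:07 +0000] "GET /WeGIA/html/memorando/listar_despachos.php?id_memorando=42%27 HTTP/1.1" 500 512',
    '198.51.100.9 - - [08/Sep/2025:22:41:13 +0000] "GET /WeGIA/html/memorando/listar_despachos.php?id_memorando=abc HTTP/1.1" 200 890',
    '198.51.100.9 - - [08/Sep/2025:22:41:20 +0000] "GET /WeGIA/html/index.php?id_memorando=x HTTP/1.1" 200 890',
]

if __name__ == "__main__":
    for ip, ts, value in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} id_memorando={value!r}")
```

Only the two requests to listar_despachos.php with a non-integer value are reported; the same parameter on another path is ignored, so the rule can be tightened to the patched endpoint without noise from the rest of the application.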


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-01T20:03:06.534Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68bf5ce1d5a2966cfc83ddbe

Added to database: 9/8/2025, 10:46:57 PM

Last enriched: 9/8/2025, 11:01:22 PM

Last updated: 9/9/2025, 1:33:51 PM
