
CVE-2025-58745: CWE-94: Improper Control of Generation of Code ('Code Injection') in LabRedesCefetRJ WeGIA

Severity: Critical
Type: Vulnerability
Tags: CVE-2025-58745, cwe-94, cwe-434
Published: Mon Sep 08 2025 (09/08/2025, 22:40:56 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is a web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at the endpoint `/html/socio/sistema/controller/controla_xlsx.php`, which can be bypassed by placing the magic bytes of an Excel file at the start of a PHP file. As a result, an attacker can upload a webshell to the server for remote code execution. Version 3.4.11 contains an updated fix.

AI-Powered Analysis

Last updated: 09/08/2025, 23:01:44 UTC

Technical Analysis

CVE-2025-58745 is a critical vulnerability affecting versions of the WeGIA web management system for charitable institutions prior to 3.4.11. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code, i.e., code injection) and CWE-434 (Unrestricted Upload of File with Dangerous Type). The root cause stems from insufficient validation of uploaded files at the endpoint `/html/socio/sistema/controller/controla_xlsx.php`. Although WeGIA attempts to restrict uploads to Excel files by checking MIME types, this check is bypassable by embedding the magic bytes of an Excel file within a PHP file. Consequently, an attacker can upload a malicious webshell disguised as an Excel file, enabling remote code execution (RCE) on the server. This vulnerability is particularly severe because it allows unauthenticated remote attackers to execute arbitrary code with low complexity and no user interaction, potentially leading to full system compromise. The vulnerability was not fully remediated by a previous fix for CVE-2025-22133, indicating a partial patch that failed to address the underlying file validation logic. The vendor released version 3.4.11 with an updated fix to properly validate and restrict file uploads, mitigating this attack vector. The CVSS v3.1 score is 10.0 (critical), reflecting the vulnerability’s network attack vector, low attack complexity, required privileges (low), no user interaction, and complete impact on confidentiality, integrity, and availability. No known exploits are reported in the wild yet, but the ease of exploitation and impact make this a high-risk issue for affected deployments.
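The analysis above describes a check that accepts any upload whose first bytes match the Excel signature, and the mitigation section below asks for "validating file structure" instead. The following added example (written for this page, not code from WeGIA or its maintainers) puts the two side by side: `magic_bytes_check` is the weak signature-prefix test, and `is_real_xlsx` requires the upload to be a parseable ZIP archive containing the OOXML parts every spreadsheet package carries. Both sample inputs are constructed in memory; the "PHP behind a signature" sample carries only a placeholder comment so the fixture is inert.

```python
import io
import zipfile

# An .xlsx is an OOXML package, i.e. a ZIP archive, so it starts with the ZIP
# local-file-header signature. That is the only thing a magic-byte check sees.
XLSX_MAGIC = b"PK\x03\x04"


def build_minimal_xlsx() -> bytes:
    """Build a structurally valid (empty) .xlsx package in memory (constructed fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Override PartName="/xl/workbook.xml" ContentType="application/vnd.'
            'openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>'
            "</Types>",
        )
        zf.writestr(
            "xl/workbook.xml",
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
            "<sheets/></workbook>",
        )
    return buf.getvalue()


# Constructed samples, not files from the advisory or the project.
GENUINE_XLSX = build_minimal_xlsx()
# PHP source with nothing but the ZIP signature prepended; the body is a placeholder.
MAGIC_ONLY_PHP = XLSX_MAGIC + b"<?php /* constructed placeholder, not a working script */ ?>"


def magic_bytes_check(data: bytes) -> bool:
    """The weak check: accepts anything that begins with the ZIP/xlsx signature."""
    return data.startswith(XLSX_MAGIC)


def is_real_xlsx(data: bytes) -> bool:
    """Hardened check: the upload must be a ZIP archive whose entries pass CRC
    verification and which contains the package parts a spreadsheet must have.
    PHP source with a 'PK' prefix has no central directory and is rejected."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is not None:          # a corrupt member means reject
                return False
            names = set(zf.namelist())
            if "[Content_Types].xml" not in names or "xl/workbook.xml" not in names:
                return False
            # The content-types part must declare a spreadsheet workbook.
            return b"spreadsheetml.sheet.main+xml" in zf.read("[Content_Types].xml")
    except (zipfile.BadZipFile, ValueError, OSError):
        return False


def accept_upload(filename: str, data: bytes) -> bool:
    """Server-side policy: extension allowlist plus structural validation.
    The client-supplied MIME type is ignored because the client controls it."""
    if not filename.lower().endswith(".xlsx"):
        return False
    return is_real_xlsx(data)


if __name__ == "__main__":
    for label, blob in (("genuine xlsx", GENUINE_XLSX), ("php with signature", MAGIC_ONLY_PHP)):
        print(f"{label:20s} magic-only={magic_bytes_check(blob)!s:5s} structural={is_real_xlsx(blob)}")
```

The structural check should run on the stored temporary file before it is moved anywhere web-reachable, and the accepted file should be written under a server-generated name rather than the client's; neither of those steps is shown here, and the content-type test is deliberately a substring match on a single part rather than a full OOXML parse.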

Potential Impact

For European organizations using WeGIA to manage charitable institutions, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized remote code execution, allowing attackers to take full control of the affected servers. This could result in data breaches involving sensitive donor and beneficiary information, manipulation or destruction of records, and disruption of critical services. Given the nature of charitable organizations, reputational damage and loss of trust could be severe. Additionally, attackers could leverage compromised servers as pivot points for lateral movement within organizational networks or to launch further attacks. The critical severity and ease of exploitation mean that even organizations with limited cybersecurity maturity are at risk. The impact extends beyond confidentiality to integrity and availability, potentially causing operational outages and regulatory compliance violations under GDPR due to unauthorized data access or loss.

Mitigation Recommendations

Organizations should immediately verify their WeGIA version and upgrade to version 3.4.11 or later, which contains the updated fix addressing this vulnerability. Until the upgrade is applied, organizations should implement strict network segmentation and firewall rules to limit access to the upload endpoint, restricting it to trusted users and IP addresses only. Web application firewalls (WAFs) should be configured to detect and block suspicious file uploads, particularly those with mismatched MIME types and file headers. Additionally, file upload handling should be audited to ensure that only legitimate Excel files are accepted, potentially by implementing server-side content inspection beyond MIME type checks, such as validating file structure or using antivirus scanning. Monitoring and logging of upload activity should be enhanced to detect anomalous behavior. Organizations should also conduct thorough security assessments and penetration testing focused on file upload functionality. Finally, incident response plans should be updated to include detection and remediation steps for webshell infections.
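For the "monitoring and logging of upload activity" recommendation above, the following added example (written for this page, not part of WeGIA or the advisory) scans web-server access logs for the pattern a successful abuse of this flaw would leave: a POST to the affected endpoint from a client that later requests a script file from the upload location. The upload directory `/uploads/` is an assumption, since the advisory does not name it, and the log lines are constructed.

```python
import re
from typing import Dict, List

# Endpoint named in the advisory.
UPLOAD_ENDPOINT = "/html/socio/sistema/controller/controla_xlsx.php"
# Assumption for this example: where accepted uploads become web-reachable.
UPLOAD_DIR = "/uploads/"
# Extensions a PHP-enabled web server may execute; a spreadsheet should never have one.
SCRIPT_EXTS = (".php", ".phtml", ".phar", ".php5")

# Apache combined-style request line: client, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (not real traffic): one client posts to the endpoint and
# then fetches a .php file from the upload directory; the others are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Sep/2025:22:50:01 +0000] "POST /html/socio/sistema/controller/controla_xlsx.php HTTP/1.1" 200 512
203.0.113.5 - - [08/Sep/2025:22:50:03 +0000] "GET /uploads/relatorio.php HTTP/1.1" 200 87
198.51.100.7 - - [08/Sep/2025:22:51:10 +0000] "POST /html/socio/sistema/controller/controla_xlsx.php HTTP/1.1" 200 512
198.51.100.7 - - [08/Sep/2025:22:51:12 +0000] "GET /html/socio/index.php HTTP/1.1" 200 4096
192.0.2.9 - - [08/Sep/2025:22:52:00 +0000] "GET /uploads/planilha.xlsx HTTP/1.1" 200 20480
"""


def find_suspicious(log_text: str) -> List[Dict[str, object]]:
    """Return one alert per request for a script file under the upload directory.
    Each alert records whether the same client had earlier posted to the upload
    endpoint, which is the stronger signal; a lone script hit is still reported
    because a script file under an upload path should not exist at all."""
    uploaders = set()
    alerts: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                                   # skip unparseable lines
        ip = m["ip"]
        path = m["path"].split("?", 1)[0]              # drop any query string
        status = int(m["status"])
        if m["method"] == "POST" and path == UPLOAD_ENDPOINT and status < 400:
            uploaders.add(ip)                          # remember who uploaded
            continue
        if path.startswith(UPLOAD_DIR) and path.lower().endswith(SCRIPT_EXTS):
            alerts.append({
                "ip": ip,
                "time": m["ts"],
                "path": path,
                "after_upload": ip in uploaders,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert)
```

Run the function over the real access log of an affected host; any alert with `after_upload` set should be treated as a probable webshell and handled under the incident response steps mentioned above, and the upload directory should additionally be configured so the web server never executes scripts from it.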


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-04T19:18:09.498Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68bf5ce1d5a2966cfc83ddaa

Added to database: 9/8/2025, 10:46:57 PM

Last enriched: 9/8/2025, 11:01:44 PM

Last updated: 9/10/2025, 4:07:21 AM

Views: 43
