CVE-2025-58745 is a critical vulnerability affecting versions of the WeGIA web management system for charitable institutions prior to 3.4.11. The vulnerability arises from improper control over code generation, specifically a code injection flaw (CWE-94) combined with an arbitrary file upload issue (CWE-434). The root cause is insufficient validation of uploaded files at the endpoint `/html/socio/sistema/controller/controla_xlsx.php`. WeGIA attempts to restrict uploads to Excel files by checking MIME types; however, this check is bypassable by crafting a PHP file that mimics the magic bytes of an Excel file. This allows an attacker to upload a malicious webshell disguised as an Excel file. Once uploaded, the attacker can execute arbitrary code remotely on the server, leading to full compromise. The vulnerability has a CVSS 3.1 base score of 10.0, indicating critical severity with network attack vector, low attack complexity, requiring privileges but no user interaction, and impacting confidentiality, integrity, and availability with scope change. Although no known exploits are currently reported in the wild, the ease of bypassing MIME checks and the high impact of remote code execution make this a severe threat. The vendor has addressed the issue in version 3.4.11 with an updated fix, but systems running earlier versions remain vulnerable.

For European organizations using WeGIA to manage charitable or nonprofit operations, this vulnerability poses a significant risk. Successful exploitation can lead to complete server takeover, allowing attackers to steal sensitive donor and beneficiary data, manipulate records, disrupt services, or use the compromised server as a foothold for further network intrusion. Given that WeGIA is specialized software for charitable institutions, the impact includes potential breaches of personal data protected under GDPR, leading to regulatory penalties and reputational damage. Additionally, the ability to execute arbitrary code remotely can facilitate ransomware deployment or lateral movement within organizational networks. The criticality of the vulnerability means that even low-skilled attackers with some privileges could exploit it, increasing the likelihood of compromise. The disruption of charitable services could also affect vulnerable populations relying on these organizations, amplifying the societal impact.

Organizations should immediately verify their WeGIA version and upgrade to 3.4.11 or later, where the vulnerability is patched. If upgrading is not immediately possible, implement strict network segmentation to isolate WeGIA servers and restrict access to trusted administrators only. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious file uploads, especially those attempting to disguise PHP files as Excel documents. Conduct thorough input validation beyond MIME type checks, such as verifying file extensions, scanning file contents for embedded PHP code, and using allowlists for file types. Monitor server logs for unusual upload activity or execution of unexpected scripts. Disable unnecessary PHP execution permissions in upload directories to prevent execution of uploaded webshells. Regularly audit user privileges to minimize the number of users with upload or administrative rights. Finally, implement robust incident response plans to quickly contain and remediate any detected exploitation attempts.