CVE-2025-61604: CWE-352: Cross-Site Request Forgery (CSRF) in LabRedesCefetRJ WeGIA
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger the action using the victim’s authenticated session. This issue is fixed in version 3.5.0.
AI Analysis
Technical Summary
CVE-2025-61604 is a Cross-Site Request Forgery (CSRF, CWE-352) vulnerability in WeGIA, an open-source web manager aimed at charitable institutions, affecting versions 3.4.12 and earlier. The delete operation for the Almoxarifado entity (Portuguese for stockroom or warehouse; the module that tracks the institution's stock) is reachable through an HTTP GET request and carries no CSRF protection: no synchronizer token, no origin check, and no requirement that the request be a POST.

Because the request is a plain GET, any page the attacker controls can trigger it, for example with an image tag or a link whose destination is the delete URL carrying the target record's identifier. The victim's browser attaches the WeGIA session cookie automatically, so the server sees an ordinary authenticated request and performs the deletion. The attacker needs no account on the target instance; what is required is a victim who is logged in to WeGIA and visits or clicks the attacker's content (user interaction). One practical caveat: when the session cookie is set without a SameSite attribute, Chromium-based browsers treat it as Lax, which withholds the cookie on cross-site subresource loads such as an image but still sends it on top-level navigations, so a clicked link or a redirect remains sufficient; a cookie marked SameSite=None is exposed to every vector.

The page reports a CVSS 4.0 base score of 7.1: network attack vector, low attack complexity, no privileges required, user interaction required, high impact on integrity and low impact on confidentiality and availability. The fix is in WeGIA 3.5.0. No exploitation in the wild is reported. The root cause is a state-changing operation exposed over GET without anti-CSRF measures, a textbook CWE-352 case; the standard remedy is to accept the deletion only over POST, bind a per-session token to the form, and verify it server-side. Until then an attacker can delete stock records of a charitable organization that relies on WeGIA for resource management.
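The following Python model illustrates the flaw and its standard fix side by side. It is an added example written for this page, not WeGIA's own code: the endpoint, the in-memory Almoxarifado table, the server secret and the origin https://wegia.example.org are all assumed. The vulnerable handler accepts a GET that only checks for a session cookie, which is exactly the pattern the advisory describes; the hardened handler requires POST, checks the browser-supplied Sec-Fetch-Site and Origin headers, and verifies a token bound to the session with HMAC.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed stand-in for the Almoxarifado (stockroom) table. Hypothetical record
# shape: WeGIA's real schema and endpoint are not shown on the advisory page.
def fresh_store() -> Dict[int, str]:
    return {1: "Almoxarifado central", 2: "Almoxarifado anexo"}


@dataclass
class Request:
    method: str
    params: Dict[str, str] = field(default_factory=dict)   # query string or form body
    headers: Dict[str, str] = field(default_factory=dict)
    session_id: Optional[str] = None   # session cookie the browser attached, if any


SERVER_SECRET = secrets.token_bytes(32)         # assumed per-deployment secret
ALLOWED_ORIGIN = "https://wegia.example.org"    # hypothetical deployment origin


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token bound to the session; unforgeable without SERVER_SECRET."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def delete_vulnerable(req: Request, store: Dict[int, str]) -> int:
    """The pattern the advisory describes: a GET that only checks the session cookie."""
    if req.session_id is None:
        return 401
    store.pop(int(req.params["id"]), None)
    return 200


def delete_hardened(req: Request, store: Dict[int, str]) -> int:
    """Same operation with three independent CSRF defences."""
    if req.session_id is None:
        return 401
    # 1. State changes only over POST: an <img> or a plain link can no longer trigger it.
    if req.method != "POST":
        return 405
    # 2. Fetch metadata and Origin are set by the browser and cannot be spoofed by a
    #    page script; when present they must name this site.
    site = req.headers.get("Sec-Fetch-Site")
    if site is not None and site not in ("same-origin", "none"):
        return 403
    origin = req.headers.get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return 403
    # 3. The form must carry the session-bound token; compare in constant time.
    token = req.params.get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token_for(req.session_id)):
        return 403
    store.pop(int(req.params["id"]), None)
    return 200


def simulate() -> Dict[str, tuple]:
    """Run forged and legitimate requests against both handlers.

    Returns {case: (status, record_1_still_present)}.
    """
    victim = "sess-victim"
    # Forged via <img src="…/delete?id=1"> on attacker.example: the browser adds the
    # victim's cookie, the attacker controls nothing else.
    forged_get = Request("GET", {"id": "1"},
                         {"Sec-Fetch-Site": "cross-site", "Referer": "https://attacker.example/"},
                         session_id=victim)
    # Forged auto-submitting form: POST, but the token cannot be known cross-site.
    forged_post = Request("POST", {"id": "1", "csrf_token": "0" * 64},
                          {"Sec-Fetch-Site": "cross-site", "Origin": "https://attacker.example"},
                          session_id=victim)
    # Legitimate submission from WeGIA's own delete form.
    legit = Request("POST", {"id": "1", "csrf_token": csrf_token_for(victim)},
                    {"Sec-Fetch-Site": "same-origin", "Origin": ALLOWED_ORIGIN},
                    session_id=victim)
    results = {}
    for name, handler, req in (("vuln_forged_get", delete_vulnerable, forged_get),
                               ("hard_forged_get", delete_hardened, forged_get),
                               ("hard_forged_post", delete_hardened, forged_post),
                               ("hard_legit_post", delete_hardened, legit)):
        store = fresh_store()
        results[name] = (handler(req, store), 1 in store)
    return results


if __name__ == "__main__":
    for case, outcome in simulate().items():
        print(f"{case:18s} status={outcome[0]} record_kept={outcome[1]}")
```

The forged GET succeeds against the vulnerable handler and the record disappears; against the hardened handler it is refused with 405 before any work is done, a forged POST fails the token check with 403, and only the same-origin submission carrying the session-bound token deletes the record. The Sec-Fetch-Site and Origin checks are defence in depth for clients that send them; the token is what makes the endpoint safe for clients that do not.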
Potential Impact
For European organizations, especially charitable institutions that use WeGIA to track stock and donated goods, the risk is to data integrity: a successful attack deletes Almoxarifado records, which disrupts operations, breaks resource tracking and can cause financial and reputational harm. Because exploitation needs a logged-in victim who visits or clicks attacker-controlled content, phishing and social-engineering campaigns are the natural delivery channel, and staff who keep a WeGIA session open while reading e-mail are the likely targets. Organizations with limited IT security capacity, or that have not moved to the fixed version, are the most exposed, and interruption of a charity's services has social consequences beyond the organization itself. Confidentiality and availability impacts are rated low, but silent deletion of inventory data undermines trust in the organization's records.
Mitigation Recommendations
European organizations running WeGIA should upgrade to version 3.5.0 or later, where the delete operation is protected. Until the upgrade is applied, the following compensating controls reduce exposure:

1) Restrict access to the WeGIA instance to trusted networks or a VPN. This does not stop CSRF by itself, since the victim's own browser issues the forged request from inside the trusted network, but it keeps the instance off the public internet and shrinks the pool of reachable victims.
2) Add a WAF or reverse-proxy rule for the Almoxarifado delete endpoint that rejects requests whose Sec-Fetch-Site header is cross-site, or whose Origin or Referer names a foreign host. A rule that simply blocks every GET to the endpoint will also break the legitimate delete link in 3.4.12, because the application itself uses GET there.
3) Set the session cookie with SameSite=Lax (or Strict if the application tolerates it). Lax withholds the cookie on cross-site image and script loads but still sends it on top-level navigations, so this is defence in depth, not a fix.
4) Warn users not to follow untrusted links while logged in to WeGIA, and to log out when finished.
5) Monitor web server logs for GET requests to the delete endpoint that carry no Referer or a Referer from another host, and reconcile deleted stock records against expected activity.
6) If the application sits behind a proxy, do not blindly reject all state-changing GETs for the reason given in 2); instead require an additional check at the proxy (an origin check, re-authentication, or a proxy-injected token) until the patched version is deployed.

These measures lower the likelihood of exploitation while the upgrade is scheduled; only the upgrade removes the flaw.
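As a worked example of the log monitoring suggested above, the script below parses Apache/nginx combined-format access logs and flags GET requests to the delete endpoint whose Referer is absent or points to another host. It is added here and is not part of WeGIA or this page; the endpoint path /almoxarifado/delete, the hostname wegia.example.org and the log lines are constructed placeholders, so substitute the real endpoint from your deployment.

```python
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Apache/nginx "combined" log format:
# host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SITE_HOST = "wegia.example.org"   # assumed deployment hostname
# Hypothetical path of the vulnerable delete endpoint; replace with the real one.
DELETE_PATH_RE = re.compile(r"^/almoxarifado/delete(\?|$)")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry: Dict[str, str]) -> Optional[str]:
    """Return a finding label for a suspicious delete request, else None."""
    if entry["method"] != "GET" or not DELETE_PATH_RE.match(entry["path"]):
        return None
    ref = entry["referer"]
    if ref in ("", "-"):
        # Direct navigation, a link in e-mail, or a referrer policy that stripped it:
        # a weak signal on its own, worth correlating with the user's other activity.
        return "no-referer"
    ref_host = urlsplit(ref).hostname
    if ref_host != SITE_HOST:
        # The browser was sent here from a foreign page: the CSRF shape exactly.
        return f"cross-site-referer:{ref_host}"
    return None


def scan(lines: List[str]) -> List[Tuple[int, str, str, str]]:
    """Return (line_number, client_ip, path, finding) for each flagged request."""
    findings = []
    for n, line in enumerate(lines, 1):
        entry = parse_line(line)
        if entry is None:
            continue
        finding = classify(entry)
        if finding:
            findings.append((n, entry["ip"], entry["path"], finding))
    return findings


# Constructed sample: one legitimate delete from the app's own list page, one
# triggered from an attacker page, one with no Referer, and one POST (not flagged).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Oct/2025:09:12:01 +0000] "GET /almoxarifado/list HTTP/1.1" 200 5120 "https://wegia.example.org/" "Mozilla/5.0"
203.0.113.7 - - [03/Oct/2025:09:12:40 +0000] "GET /almoxarifado/delete?id=12 HTTP/1.1" 302 0 "https://wegia.example.org/almoxarifado/list" "Mozilla/5.0"
198.51.100.23 - - [03/Oct/2025:09:15:03 +0000] "GET /almoxarifado/delete?id=12 HTTP/1.1" 302 0 "https://attacker.example/promo.html" "Mozilla/5.0"
198.51.100.24 - - [03/Oct/2025:09:15:09 +0000] "GET /almoxarifado/delete?id=13 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.24 - - [03/Oct/2025:09:16:00 +0000] "POST /almoxarifado/delete HTTP/1.1" 200 12 "https://wegia.example.org/almoxarifado/list" "Mozilla/5.0"
"""


if __name__ == "__main__":
    for n, ip, path, finding in scan(SAMPLE_LOG.splitlines()):
        print(f"line {n}: {ip} {path} -> {finding}")
```

Referer is a heuristic: it is routinely stripped by referrer policies and privacy extensions, so treat "no-referer" hits as leads rather than verdicts. If you control the web server, log the Sec-Fetch-Site request header as well (Apache: `%{Sec-Fetch-Site}i` in the LogFormat; nginx: `$http_sec_fetch_site`), since browsers set it themselves and a value of cross-site on the delete endpoint is a far stronger indicator than a missing Referer.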
Affected Countries
France, Germany, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-26T16:25:25.151Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68df13500005234f78f726aa
Added to database: 10/3/2025, 12:05:36 AM
Last enriched: 10/3/2025, 12:14:12 AM
Last updated: 10/3/2025, 5:22:04 AM
Related Threats
- CVE-2025-61847 (severity: Unknown)
- CVE-2025-59300: CWE-787 Out-Of-Bounds Write in Delta Electronics DIAScreen (severity: Medium)
- CVE-2025-59299: CWE-787 Out-Of-Bounds Write in Delta Electronics DIAScreen (severity: Medium)
- CVE-2025-59298: CWE-787 Out-Of-Bounds Write in Delta Electronics DIAScreen (severity: Medium)
- CVE-2025-59297: CWE-787 Out-Of-Bounds Write in Delta Electronics DIAScreen (severity: Medium)