CVE-2025-61603

9.8 CRITICAL

📋 TL;DR

CVE-2025-61603 is a critical SQL injection vulnerability in WeGIA web management software for charitable institutions. Attackers can execute arbitrary SQL commands through the /controle/control.php endpoint's descricao parameter, potentially compromising the entire database. Organizations running WeGIA versions 3.4.12 and below are affected.

💻 Affected Systems

Products:
  • WeGIA (Web manager for charitable institutions)
Versions: 3.4.12 and below
Operating Systems: Any OS running PHP and MySQL/MariaDB
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations using vulnerable versions regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data manipulation, deletion of all records, and potential server takeover via database server exploitation.
🟠 Likely Case: Unauthorized access to sensitive donor information, financial records, and personal data of beneficiaries, with potential data exfiltration or modification.
🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and database permissions restricting damage to specific tables.

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing, making them directly accessible to attackers worldwide.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly exploited with readily available tools like sqlmap. The advisory provides enough detail for attackers to craft exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.5.0

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-v8hm-pq8g-c7j4

Restart Required: No

Instructions:

1. Backup your current WeGIA installation and database.
2. Download version 3.5.0 from the official repository.
3. Replace the vulnerable files with the patched version.
4. Verify the fix by checking that the descricao parameter now uses parameterized queries.
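What step 4 asks you to look for, as an added example that is not WeGIA's own code: the injectable string-concatenation pattern the advisory describes, beside the parameterized form that removes it. Table name, column names and the connection details are hypothetical placeholders; only the parameter name descricao comes from the advisory.

```php
<?php
// Added illustration, not code from the WeGIA repository. The table
// "registros" and the id column are hypothetical stand-ins for whatever
// control.php actually updates.

// BEFORE: the vulnerable pattern. Request input is interpolated straight
// into the SQL text, so the database parses attacker-controlled content as
// part of the statement. Kept only to show what a code review should flag.
function salvarDescricaoVulneravel(PDO $db, int $id, string $descricao): int
{
    $sql = "UPDATE registros SET descricao = '$descricao' WHERE id = $id"; // DO NOT USE
    return $db->exec($sql);
}

// AFTER: the parameterized form the patch instructions ask you to verify.
// The statement text is fixed at prepare time; the value is sent separately
// as data and cannot change the statement's structure.
function salvarDescricaoSeguro(PDO $db, int $id, string $descricao): bool
{
    $stmt = $db->prepare('UPDATE registros SET descricao = :descricao WHERE id = :id');
    $stmt->bindValue(':descricao', $descricao, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    return $stmt->execute();
}

// Connection settings that back the fix up: real server-side prepared
// statements (no client-side emulation) and exceptions on error, so failures
// reach the application log instead of a raw "SQL syntax" message on the page.
function conectar(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Usage sketch with placeholder credentials; the application's own config
// supplies the real DSN and a database user holding only the grants it needs.
try {
    $db = conectar('mysql:host=localhost;dbname=wegia;charset=utf8mb4', 'wegia_app', '<password>');
    salvarDescricaoSeguro($db, (int) ($_POST['id'] ?? 0), (string) ($_POST['descricao'] ?? ''));
} catch (PDOException $e) {
    error_log($e->getMessage()); // log the detail server-side
    http_response_code(500);     // return a generic error to the client
}
```

A dedicated database account with only UPDATE/SELECT on the tables the application needs is what turns the "If Mitigated" case above into reality when a query does slip through.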

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

Applies to: all

Implement WAF rules to block SQL injection patterns targeting the /controle/control.php endpoint and descricao parameter.

Input Validation Filter

Applies to: all

Add server-side input validation to reject SQL keywords and special characters in the descricao parameter. Treat this as a stopgap only: keyword filtering can be bypassed, and the real fix is the parameterized query shipped in version 3.5.0.

🧯 If You Can't Patch

  • Implement network segmentation to isolate the WeGIA server from sensitive systems and restrict access to trusted IPs only.
  • Enable detailed logging and monitoring for suspicious SQL queries and implement database user privilege reduction.

🔍 How to Verify

Check if Vulnerable:

Check if your WeGIA version is 3.4.12 or below by examining the software version in the admin interface or configuration files.

Check Version:

Check the WeGIA configuration files or admin dashboard for version information. No single command exists for all installations.

Verify Fix Applied:

After patching, test the /controle/control.php endpoint with SQL injection payloads in the descricao parameter to ensure they are properly sanitized or rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts or parameter manipulation in access logs
  • Suspicious SQL keywords (UNION, SELECT, INSERT, DROP) in POST parameters

Network Indicators:

  • Unusual database connection patterns from web server
  • Large data transfers from database server

SIEM Query:

source="wegia_logs" AND ("SQL syntax" OR "You have an error in your SQL syntax" OR ("descricao" AND ("UNION" OR "SELECT" OR "INSERT" OR "DROP")))
