CVE-2025-26613
Published: 18 February 2025
Description
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Security Summary
CVE-2025-26613 is an OS Command Injection vulnerability (CWE-78, CWE-284) in the WeGIA open-source Web Manager for Institutions, which primarily serves Portuguese language users. The flaw resides in the gerenciar_backup.php endpoint and enables remote execution of arbitrary operating system commands. Published on 2025-02-18 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it affects WeGIA versions prior to the patched release.
The vulnerability is exploitable by unauthenticated attackers over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary code execution on the underlying server, potentially leading to complete compromise of confidentiality, integrity, and availability, such as data theft, modification, or denial of service.
The GitHub security advisory confirms the issue has been addressed in WeGIA version 3.2.14, urging all users to upgrade immediately. No workarounds are available. For full details, refer to https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g3w6-m6w8-p6r2.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in public-facing web app directly enables T1190 (Exploit Public-Facing Application) for initial remote access and T1059 (Command and Scripting Interpreter) for arbitrary OS command execution.