CVE-2025-26615
Published: 18 February 2025
Description
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Security Summary
CVE-2025-26615 is a Path Traversal vulnerability (CWE-22, CWE-284) affecting WeGIA, an open-source web manager for institutions primarily targeting Portuguese-language users. The issue resides in the examples.php endpoint, which enables attackers to bypass access controls and read sensitive files, specifically config.php. This file stores database connection details, exposing credentials that could facilitate further unauthorized access.
The vulnerability carries a maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating it is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Exploitation allows retrieval of config.php contents, granting direct database access and potentially leading to confidentiality, integrity, and availability impacts across the scoped application.
The vulnerability has been addressed in WeGIA version 3.2.14, with all users urged to upgrade promptly. No workarounds are available. Additional details are provided in the GitHub Security Advisory at https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-p5wx-pv8j-f96h.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in public-facing WeGIA web app enables remote file read of config.php containing DB credentials, mapping to T1190 for initial access and T1552.001 for credential access.