CVE-2025-30361 · CRITICAL 9.8 · EPSS p38.9%

Description

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% probability of exploitation · percentile 38.9% · 2026-06-19T12:03:05Z
Published: 2025-03-27
Last modified: 2025-04-10

Underlying weaknesses · 1

CWE-287

References

  1. https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m6qw-r3m9-jf7h

Type | Target | Confidence | Tier
Weakness | Improper Authentication (cwe-287) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-30367
CVE-2025-61603
CVE-2025-30365
CVE-2025-52474
CVE-2025-26610
CVE-2025-30364
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.