CVE-2025-67501 CRITICAL

CVE-2025-67501: WeGIA is vulnerable to SQL Injection via editar_categoria endpoint parameter

Vendor Labredescefetrj

Product WeGIA

Weakness CWE-89 · SQLi

Published December 9, 2025

Last update December 10, 2025

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate and sanitize user inputs in the id_categoria parameter, which allows attackers to inject malicious SQL payloads for direct execution. This issue is fixed in version 3.5.5.

Key dates

02Disclosure timeline

December 9, 2025 CVE published

December 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-67501 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2025-67501: WeGIA is vulnerable to SQL Injection via editar_categoria endpoint parameter

01Description

02Disclosure timeline

03References

04Related CVE