CVE-2025-50201
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
34.6%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in versio
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 6/19/2025
- Last Modified
- 7/2/2025
Frequently Asked Questions
What is CVE-2025-50201?
WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in versio
Is CVE-2025-50201 actively exploited?
Active exploitation of CVE-2025-50201 has not been confirmed. The EPSS score is 34.6%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-50201?
CVE-2025-50201 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.
Is CVE-2025-50201 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.