CVE-2025-30361: WeGIA Vulnerable to Broken Authentication - Old Password Validation
First published: Thu Mar 27 2025(Updated: )
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WeGIA | <3.2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-30361?
CVE-2025-30361 is considered to have a high severity due to the potential for unauthorized password changes.
How do I fix CVE-2025-30361?
To fix CVE-2025-30361, upgrade to WeGIA version 3.2.6 or later.
What systems are affected by CVE-2025-30361?
CVE-2025-30361 affects all versions of WeGIA prior to 3.2.6.
What can an attacker do with CVE-2025-30361?
With CVE-2025-30361, an attacker can change a user's password without verifying the old password, compromising account security.
How can I prevent exploitation of CVE-2025-30361?
Prevent exploitation of CVE-2025-30361 by ensuring your WeGIA installation is updated to version 3.2.6 or later.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/first-publish-date
- agent/references
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/wegia
- canonical/wegia