CVE-2025-6699 in WeGIA
Summary
by MITRE • 06/26/2025
A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro de Funcionário. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2025-23030. The vendor was contacted early about this disclosure but did not respond in any way.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 06/13/2026
This vulnerability represents a cross site scripting flaw in the LabRedesCefetRJ WeGIA 3.4.0 web application, specifically within the employee registration component. The issue manifests in the /html/funcionario/cadastro_funcionario.php file where user input parameters Nome/Sobrenome are not properly sanitized or validated before being rendered back to users. This creates an opportunity for attackers to inject malicious script code that executes in the context of other users' browsers, making it a classic client-side vulnerability that can be exploited through web interfaces.
The technical nature of this vulnerability aligns with CWE-79 which defines cross site scripting as the improper handling of input data that allows attackers to execute arbitrary scripts in victim browsers. The flaw occurs when user-supplied data containing script tags or malicious payloads is accepted without adequate filtering or encoding, enabling persistent or reflected XSS attacks. The vulnerability's remote exploitation capability means that attackers can trigger the malicious code through web requests without requiring physical access to the system, making it particularly dangerous in web-based environments.
The operational impact of this vulnerability is significant as it allows attackers to potentially steal session cookies, perform unauthorized actions on behalf of users, redirect victims to malicious sites, or even deface the web application interface. Since the exploit has been publicly disclosed and is actively available, the window of opportunity for exploitation is immediate, making this a critical security concern for any organization using this version of the WeGIA application. The lack of vendor response to prior disclosure attempts further compounds the risk, leaving affected organizations without official patches or remediation guidance.
Organizations utilizing this software should implement immediate mitigations including input validation and output encoding for all user-supplied data, particularly in the employee registration module. The implementation of Content Security Policy headers and proper HTML escaping techniques can provide additional protection layers. Additionally, network monitoring should be enhanced to detect potential exploitation attempts, and access controls should be reviewed to limit exposure. This vulnerability demonstrates the importance of maintaining updated software versions and establishing clear communication channels with vendors for security issue resolution, as the absence of vendor response creates an unacceptable risk posture for affected deployments.