Weak password requirements in WeGIA - CVE-2025-67497

 


Published: April 23, 2026


Vulnerability identifier: #VU127295
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-67497
CWE-ID: CWE-521
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LabReDeS
Affected software: WeGIA

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to weak password requirements in the user creation and password assignment functionality. A remote attacker can guess weak credentials for affected accounts and gain access to sensitive information.

Exploitation depends on an administrator having created or assigned an extremely weak and predictable password to an account.


How to mitigate CVE-2025-67497

Install the security update from the vendor's website.
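
The description names two entry points that accept weak passwords: account creation and password assignment. The following Python example is added here for illustration and is not WeGIA's code or the vendor's fix; it routes both paths through one server-side check. The function names, the 12-character minimum and the small blocklist are assumptions.

```python
import unicodedata

MIN_LENGTH = 12  # assumed policy value, not taken from WeGIA
# Constructed sample blocklist; a deployment would load a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "admin", "qwerty", "senha123"}


def _normalize(value: str) -> str:
    """Case-fold and Unicode-normalize so trivial variants compare equal."""
    return unicodedata.normalize("NFKC", value).casefold()


def _is_sequence(text: str) -> bool:
    """True for runs such as 'aaaaaaaa', '12345678' or '87654321'."""
    if len(text) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return steps in ({0}, {1}, {-1})


def password_problems(username: str, password: str) -> list[str]:
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    pw, user = _normalize(password), _normalize(username)
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if pw in COMMON_PASSWORDS:
        problems.append("common_password")
    if user and user in pw:
        problems.append("contains_username")
    if _is_sequence(pw):
        problems.append("predictable_sequence")
    return problems


def assign_password(account: dict, password: str) -> dict:
    """Hypothetical admin password-assignment path: same check, no bypass."""
    problems = password_problems(account["username"], password)
    if problems:
        raise ValueError(", ".join(problems))
    # Hashing and storage are out of scope for this example.
    return {**account, "password_set": True}


def create_account(username: str, password: str) -> dict:
    """Hypothetical account-creation path: reuses the assignment check."""
    return assign_password({"username": username}, password)
```

Because the check runs inside the assignment function, an administrator-chosen password is held to the same rules as a user-chosen one, which addresses the precondition noted in the description.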
