CVE-2025-22132
Published: 07 January 2025
Summary
CVE-2025-22132 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Wegia Wegia. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the insufficient input validation in the file upload endpoint that allows malicious JavaScript code in uploaded files.
Restricts uploads to safe file types and characteristics, mitigating CWE-434 unrestricted upload of dangerous files containing executable scripts.
Requires timely installation of the official patch in WeGIA 3.2.7 that remediates the specific XSS flaw.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS via unrestricted malicious file upload directly enables exploitation of a public-facing web app (T1190) and arbitrary JavaScript execution in the victim browser (T1059.007).
NVD Description
WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute arbitrary scripts in the…
more
context of a victim's browser. This can lead to information theft, session hijacking, and other forms of client-side exploitation. This vulnerability is fixed in 3.2.7.
Deeper analysisAI
CVE-2025-22132 is a Cross-Site Scripting (XSS) vulnerability in WeGIA, an open-source web manager for charitable institutions. The flaw resides in the file upload functionality at the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint, where insufficient input validation allows attackers to upload files containing malicious JavaScript code. This issue, linked to CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-434 (Unrestricted Upload of File with Dangerous Type), affects versions prior to 3.2.7 and carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).
Exploitation requires an authenticated attacker with high privileges (PR:H), such as an administrative or authorized user capable of accessing the file upload feature over the network (AV:N). The attacker uploads a specially crafted file with embedded JavaScript, which executes in the context of a victim's browser upon user interaction (UI:R), such as opening or processing the file. Successful exploitation enables arbitrary script execution with high confidentiality and integrity impacts (C:H/I:H), potentially leading to information theft, session hijacking, and other client-side attacks, with changed scope (S:C) and low availability impact (A:L).
Mitigation is available through the official patch in WeGIA version 3.2.7, as detailed in the GitHub security advisory (GHSA-h8hr-jhcx-fcv9) and the fixing commit (330f641db43cfb0c8ea8bb6025cc0732de4d4d6b). Security practitioners should urge users to update to the patched version immediately and review access controls on file upload endpoints to limit privileges.
Details
- CWE(s)