CVE-2025-22140
Published: 08 January 2025
Summary
CVE-2025-22140 is a high-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 41.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection by requiring validation and sanitization of untrusted inputs like the id_dependente parameter.
Mandates timely remediation of identified flaws, such as applying the patch to WeGIA 3.2.8 that fixes this SQL injection vulnerability.
Enables vulnerability scanning to identify and prioritize SQL injection vulnerabilities like CVE-2025-22140 for remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in a remotely accessible web endpoint (public-facing management app) directly enables T1190 exploitation with authenticated low-priv access.
NVD Description
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the…
more
database. This vulnerability is fixed in 3.2.8.
Deeper analysisAI
CVE-2025-22140 is a SQL injection vulnerability (CWE-89) affecting WeGIA, a web-based management system for charitable institutions. The issue occurs in the /html/funcionario/dependente_listar_um.php endpoint due to insufficient sanitization of the id_dependente parameter, enabling attackers to inject and execute arbitrary SQL commands against the backend database. This flaw impacts versions of WeGIA prior to 3.2.8 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with potential impacts on confidentiality, integrity, and availability.
Exploitation requires low privileges, such as those of an authenticated user (PR:L), and can be performed remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). A successful attack allows arbitrary SQL execution, enabling data exfiltration, unauthorized modifications, or disruption of database services, thereby fully compromising the targeted database.
Mitigation is available via an update to WeGIA version 3.2.8, which addresses the injection flaw. Additional details on the patch and remediation steps are provided in the GitHub security advisories at https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-mrhp-wfp2-59h5 and https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mrhp-wfp2-59h5.
Details
- CWE(s)