CVE-2025-22598
Published: 10 January 2025
Summary
CVE-2025-22598 is a high-severity stored Cross-Site Scripting (CWE-79) vulnerability in WeGIA. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The CVE ranks in the top 41.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 requires validation of information inputs like the local_recepcao parameter to prevent injection of malicious scripts in the WeGIA application.
SI-15 mandates filtering of information outputs to encode or sanitize stored data from local_recepcao, preventing automatic script execution when the affected page is accessed.
SI-2 ensures timely identification, reporting, and correction of flaws like this stored XSS vulnerability by applying the fix in WeGIA version 3.2.8.
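As an added illustration of the two controls above (this is not WeGIA's code; the function names, the validation rule and the rendering snippets are assumptions, only the parameter name local_recepcao comes from the advisory), the following hypothetical PHP puts the unencoded echo that makes a stored value executable next to the validate-on-input, encode-on-output pair that SI-10 and SI-15 call for:

```php
<?php
// Added illustrative example, not WeGIA's own code. The handler and the
// rendering page are hypothetical; only the parameter name local_recepcao
// is taken from the advisory.

// --- Storing side (hypothetical stand-in for the cadastrarSocio.php logic) ---

/**
 * SI-10 style input validation: accept only the characters a reception
 * location name is expected to contain (letters, digits, spaces and a few
 * punctuation marks) and bound the length. Returns null when rejected.
 * The allowlist is an assumption about what the field legitimately holds.
 */
function validateLocalRecepcao(string $raw): ?string
{
    $value = trim($raw);
    if ($value === '' || mb_strlen($value, 'UTF-8') > 100) {
        return null;
    }
    // \p{L} / \p{N} match letters and digits in any script (accented
    // characters included, since the application is Portuguese-language).
    if (!preg_match('/^[\p{L}\p{N} .,\'\-]+$/u', $value)) {
        return null;
    }
    return $value;
}

// --- Rendering side ---

/** Vulnerable pattern: the stored value is echoed into HTML unencoded. */
function renderUnsafe(string $stored): string
{
    return "<td>$stored</td>";
}

/**
 * SI-15 style output filtering: HTML-encode at the point of output.
 * ENT_QUOTES also encodes both quote characters, so the same helper is
 * safe when the value lands inside an attribute; ENT_SUBSTITUTE replaces
 * invalid UTF-8 sequences instead of returning an empty string.
 */
function renderSafe(string $stored): string
{
    return '<td>' . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// Constructed sample inputs: one benign value and one carrying markup.
$samples = [
    'Recepção Central',
    '<script>alert(1)</script>',
];

foreach ($samples as $s) {
    $validated = validateLocalRecepcao($s);
    echo "input: $s\n";
    echo "  validation:    " . ($validated === null ? 'rejected' : 'accepted') . "\n";
    echo "  unsafe render: " . renderUnsafe($s) . "\n";
    echo "  safe render:   " . renderSafe($s) . "\n";
}
```

Run it with `php example.php`. The validation step alone would have rejected the second sample, but the encoding step is the control that matters for data already in the database: every existing row written before the fix is still rendered harmlessly once the page encodes on output, which is why SI-15 is listed alongside SI-10 rather than as an alternative to it.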
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS directly enables JavaScript execution in victim browsers (T1059.007) and facilitates session hijacking/data theft (T1185).
NVD Description
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.
Deeper analysis
CVE-2025-22598 is a Stored Cross-Site Scripting (XSS) vulnerability, classified under CWE-79, affecting the WeGIA web application, which serves as a manager for charitable institutions. The issue exists in the cadastrarSocio.php endpoint, where attackers can inject malicious scripts through the local_recepcao parameter. These scripts are persistently stored on the server and automatically execute in users' browsers whenever the affected page is accessed.
Unauthenticated attackers (PR:N) with network access (AV:N) can exploit this vulnerability with low attack complexity (AC:L), though it requires user interaction such as visiting the affected page (UI:R). Exploitation yields high impacts on confidentiality and integrity, with low availability impact, resulting in a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L). Attackers can thereby execute arbitrary scripts in the context of other users, enabling actions like session hijacking, data theft, or further compromise.
The vulnerability has been fixed in WeGIA version 3.2.8. Additional details on the issue and remediation are available in the GitHub security advisory at https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-9x2j-pw3h-p53f.
Details
- CWE(s)