CVE-2025-23218
Published: 20 January 2025
Summary
CVE-2025-23218 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates SQL injection in adicionar_especie.php by requiring validation and sanitization of user inputs before incorporation into SQL queries.
Requires timely remediation of the specific SQL injection flaw via upgrade to WeGIA version 3.2.10, eliminating the vulnerability.
Enforces restrictions on input types, formats, and quantities to block malicious SQL payloads targeting the vulnerable endpoint.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public-facing web app directly enables T1190 for initial access; arbitrary SQL execution facilitates T1213.006 for database data collection/dump.
NVD Description
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL…
more
commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
Deeper analysisAI
CVE-2025-23218 is a SQL injection vulnerability (CWE-89) in the WeGIA open-source web management application, which targets Portuguese-language users and charitable institutions. The flaw resides in the adicionar_especie.php endpoint, enabling attackers to inject and execute arbitrary SQL commands against the application's database. Assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it was publicly disclosed on January 20, 2025.
Remote attackers require no authentication, privileges, or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation grants unauthorized access to sensitive information, including the ability to perform a complete database dump, potentially exposing all stored data such as user records or institutional details.
The vulnerability has been addressed in WeGIA version 3.2.10. Security practitioners should upgrade to this patched release, as detailed in the GitHub security advisory (GHSA-xhv4-88gx-hvgh) and the fixing commit (7465f785651c0cff65059bba96b015ab54235de4).
Details
- CWE(s)