CVE-2025-23219
Published: 20 January 2025
Summary
CVE-2025-23219 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Information input validation directly prevents SQL injection by checking and sanitizing user inputs to the adicionar_cor.php endpoint before database execution.
Flaw remediation requires patching the WeGIA application to version 3.2.10, which fixes the specific SQL injection vulnerability.
Boundary protection implements web application firewalls to monitor and block SQL injection payloads targeting the vulnerable endpoint.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The remote unauthenticated SQL injection in a public-facing web application (adicionar_cor.php) directly enables T1190 Exploit Public-Facing Application, allowing arbitrary SQL execution and database dumping.
NVD Description
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL…
more
commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
Deeper analysisAI
CVE-2025-23219 is a SQL injection vulnerability (CWE-89) affecting the WeGIA open-source web manager, which is designed with a focus on the Portuguese language and charitable institutions. The flaw exists specifically in the adicionar_cor.php endpoint, enabling attackers to execute arbitrary SQL commands against the application's database.
With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability can be exploited remotely by unauthenticated attackers over the network with low complexity and no user interaction required. Successful exploitation allows unauthorized access to sensitive information, including the ability to perform a complete dump of the application's database.
The vulnerability has been addressed in WeGIA version 3.2.10. Mitigation details and the fixing commit are available in the GitHub security advisory at https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-h2mg-4c7q-w69v and the commit at https://github.com/LabRedesCefetRJ/WeGIA/commit/ae9c859006143bd0087b3e6e48a0677e1fff5c7e.
Details
- CWE(s)