CVE-2025-23220
Published: 20 January 2025
Summary
CVE-2025-23220 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the SQL injection in adicionar_raca.php by requiring validation of user inputs to prevent arbitrary SQL command execution.
Ensures timely remediation of the identified SQL injection flaw through patching to WeGIA version 3.2.10.
Restricts harmful input patterns and characters to the adicionar_raca.php endpoint, reducing the risk of successful SQL injection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in a network-accessible web application endpoint (adicionar_raca.php) with no authentication required directly enables remote exploitation of a public-facing application to execute arbitrary SQL queries and access sensitive data.
NVD Description
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL…
more
commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
Deeper analysisAI
CVE-2025-23220 is a SQL injection vulnerability (CWE-89) affecting the WeGIA open-source web manager, an application designed with a focus on the Portuguese language for charitable institutions. The flaw is located in the adicionar_raca.php endpoint, where insufficient input validation allows attackers to inject and execute arbitrary SQL commands directly against the application's database.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, and no requirements for privileges or user interaction. Unauthenticated remote attackers can exploit it to execute arbitrary SQL queries, enabling unauthorized access to sensitive information, including a complete dump of the application's database.
Mitigation is available in WeGIA version 3.2.10, which addresses the issue through a patch detailed in the project's GitHub commit 1739e1589948a207b8a82b9bfe078cb826d420de. Additional guidance on the fix and remediation steps is provided in the GitHub security advisory GHSA-425j-h4cf-g52j.
Details
- CWE(s)