Cyber Resilience

CVE-2025-30365

Critical · Public PoC

Published: 27 March 2025
Modified: 10 April 2025
KEV Added: not listed
Patch: WeGIA 3.2.8
CVSS Score (v4): 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0029 (53.1st percentile)
Risk Priority: 19 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-30365 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 46.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-30365 is a SQL injection vulnerability (CWE-89) in WeGIA, a web manager for charitable institutions, affecting versions prior to 3.2.8. The flaw exists in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter, which fails to properly sanitize input. This allows attackers to inject and execute arbitrary SQL commands, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. By crafting malicious payloads in the query parameter, they can execute arbitrary SQL commands against the database, enabling data exfiltration, modification, deletion, or denial-of-service conditions.

The GitHub security advisory (GHSA-ghx8-h92j-h422) confirms that upgrading to WeGIA version 3.2.8 resolves the issue by addressing the injection vulnerability in the affected endpoint.

EU & UK References

Vulnerability details

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.2.8 fixes the issue.

CWE(s)

CWE-89 (SQL Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection in public-facing web app endpoint allows unauthenticated remote exploitation, directly mapping to T1190 Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-26612 (same product: Wegia Wegia)
CVE-2026-35395 (same product: Wegia Wegia)
CVE-2025-24906 (same product: Wegia Wegia)
CVE-2025-27133 (same product: Wegia Wegia)
CVE-2025-22141 (same product: Wegia Wegia)
CVE-2026-33134 (same product: Wegia Wegia)
CVE-2025-23219 (same product: Wegia Wegia)
CVE-2025-24902 (same product: Wegia Wegia)
CVE-2025-24958 (same product: Wegia Wegia)
CVE-2026-31895 (same product: Wegia Wegia)

Affected Assets

Vendor: wegia
Product: wegia
Versions: ≤ 3.2.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 Information Input Validation (prevent)
Directly mitigates SQL injection by requiring input validation mechanisms at entry points like the vulnerable query parameter to block malicious payloads.

SI-2 Flaw Remediation (prevent)
Ensures timely flaw remediation through patching to WeGIA version 3.2.8, which fixes the SQL injection vulnerability in the specified endpoint.

SC-7 Boundary Protection (prevent)
Boundary protection devices such as web application firewalls monitor and filter inbound traffic to block SQL injection attempts targeting the vulnerable endpoint.
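The string-built query pattern described under Deeper analysis, and the SI-10 input-validation control listed above, side by side as an added example. This is not WeGIA's code: the table, column names and rows are constructed, and the vulnerable function is a generic stand-in for a query that concatenates an untrusted parameter, not a reproduction of the affected endpoint.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for any members table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [
            (1, "Ana", "ana@example.org"),
            (2, "Bruno", "bruno@example.org"),
            (3, "Carla", "carla@example.org"),
        ],
    )
    return conn


def lookup_vulnerable(conn, name):
    """CWE-89 pattern: the untrusted value becomes part of the SQL text,
    so quoting characters in the input change the statement's structure."""
    sql = f"SELECT id, name FROM members WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Fix: the value travels as a bound parameter and is never parsed as SQL,
    so the same input is matched literally and returns nothing."""
    sql = "SELECT id, name FROM members WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# SI-10 style allowlist for a person-name parameter (assumed policy: letters,
# Latin accented letters, apostrophe, space, hyphen; 1-64 characters).
NAME_RE = re.compile(r"^[A-Za-z\u00C0-\u017F' -]{1,64}$")


def validate_name(name):
    """Reject input at the entry point before it reaches any query."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name parameter failed input validation")
    return name


def lookup_hardened(conn, name):
    """Both layers together: validate at the boundary, then bind the value."""
    return lookup_parameterized(conn, validate_name(name))


def demo():
    """Returns a dict of outcomes so the difference between the three variants is visible."""
    conn = make_db()
    tautology = "' OR '1'='1"  # constructed test input: a quote that closes the literal
    results = {
        "vulnerable_normal": lookup_vulnerable(conn, "Ana"),
        "vulnerable_tautology_rows": len(lookup_vulnerable(conn, tautology)),
        "parameterized_tautology_rows": len(lookup_parameterized(conn, tautology)),
        "hardened_normal": lookup_hardened(conn, "Ana"),
    }
    try:
        lookup_hardened(conn, tautology)
        results["hardened_rejected"] = False
    except ValueError:
        results["hardened_rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the concatenating variant the quote in the input ends the string literal early and the remaining text is executed as SQL, which is why it returns every row; the bound-parameter variant returns no rows because the whole input is compared as one literal value. For a PHP codebase such as WeGIA the equivalent of the bound parameter is a PDO prepared statement with placeholders, and the validation step belongs in the controller before the statement is prepared.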

References