CVE-2025-30365
Published: 27 March 2025
Summary
CVE-2025-30365 is a critical-severity SQL Injection (CWE-89) vulnerability in WeGIA. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): directly mitigates SQL injection by requiring input validation at entry points such as the vulnerable query parameter, so that malicious payloads are rejected before they reach the database.
SI-2 (Flaw Remediation): ensures timely remediation by patching to WeGIA version 3.2.8, which fixes the SQL injection vulnerability in the affected endpoint.
SC-7 (Boundary Protection): boundary protection devices such as web application firewalls monitor and filter inbound traffic to block SQL injection attempts aimed at the vulnerable endpoint.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in public-facing web app endpoint allows unauthenticated remote exploitation, directly mapping to T1190 Exploit Public-Facing Application.
NVD Description
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.2.8 fixes the issue.
Deeper analysis
CVE-2025-30365 is a SQL injection vulnerability (CWE-89) in WeGIA, a web manager for charitable institutions, affecting versions prior to 3.2.8. The flaw exists in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter, which fails to properly sanitize input. This allows attackers to inject and execute arbitrary SQL commands, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. By crafting malicious payloads in the query parameter, they can execute arbitrary SQL commands against the database, enabling data exfiltration, modification, deletion, or denial-of-service conditions.
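To make the defect class described above, and the SI-10 input-validation control listed under Mitigating Controls, concrete, the following PHP is an added illustration. It is not WeGIA's code and does not reproduce the real query_geracao_auto.php handler: the table socio, the column nome, the function names and the sample rows are all hypothetical, and the file assumes PHP with the pdo_sqlite extension so it can run stand-alone against an in-memory database.

```php
<?php
// Added illustration (not WeGIA's code) of the CWE-89 pattern behind
// CVE-2025-30365 and of the fix pattern that closes it.
// Table "socio", column "nome" and all sample data are hypothetical.

// VULNERABLE pattern: the request parameter is concatenated into the SQL
// text, so the database parses attacker-controlled input as statement syntax.
function buildSearchSqlUnsafe(string $query): string
{
    return "SELECT id, nome FROM socio WHERE nome LIKE '%" . $query . "%'";
}

// HARDENED pattern (SI-10: validate input, then use a parameterized query):
// 1. validate the parameter against what this endpoint actually needs;
// 2. hand the SQL and the value to the driver separately, so the value is
//    always data and never part of the statement.
function searchSocios(PDO $pdo, ?string $query): array
{
    // Reject missing or over-long input up front (64 bytes is an assumed limit).
    if ($query === null || $query === '' || strlen($query) > 64) {
        throw new InvalidArgumentException('query must be 1-64 bytes');
    }
    // Allowlist: letters (including accented), digits and spaces only.
    // Quotes, comment markers and LIKE wildcards (% and _) are all refused here.
    if (!preg_match('/^[\p{L}\p{N} ]+$/u', $query)) {
        throw new InvalidArgumentException('query contains disallowed characters');
    }

    // The placeholder is bound as a value; the SQL text never changes.
    // On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so binding
    // happens server-side; SQLite always prepares natively.
    $stmt = $pdo->prepare('SELECT id, nome FROM socio WHERE nome LIKE :pattern');
    $stmt->bindValue(':pattern', '%' . $query . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-alone wiring with constructed sample data: php this_file.php
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE socio (id INTEGER PRIMARY KEY, nome TEXT NOT NULL)');
$pdo->exec("INSERT INTO socio (nome) VALUES ('Ana Souza'), ('Bruno Lima')");

print_r(searchSocios($pdo, 'Ana'));   // one row: Ana Souza

// Input carrying SQL metacharacters is rejected by the allowlist and never
// reaches the database; with the unsafe builder it would alter the statement.
try {
    searchSocios($pdo, "Ana' OR 1=1");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The two defences are deliberately layered: the parameterized query alone already prevents the injected text from being parsed as SQL, and the allowlist on top of it shrinks what an attacker can even submit, which is what the SI-10 control asks for at the entry point. A web application firewall (SC-7) filtering the same endpoint is a third, outer layer, not a substitute for the fix in the code.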
The GitHub security advisory (GHSA-ghx8-h92j-h422) confirms that upgrading to WeGIA version 3.2.8 resolves the issue by addressing the injection vulnerability in the affected endpoint.
Details
- CWE(s)