CVE-2025-22133
Published: 07 January 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-22133 is a critical vulnerability in WeGIA, a web manager for charitable institutions, affecting versions prior to 3.2.8. The flaw exists in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint, which accepts file uploads without proper validation. This allows the upload of malicious files, such as .phar extensions, that can then be executed by the server. It is associated with CWE-94 (improper control of code generation) and CWE-434 (unrestricted upload of files with dangerous type).
The vulnerability carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating exploitation over the network by low-privileged users with low attack complexity and no user interaction required. Attackers can upload and execute arbitrary malicious files, achieving high-impact remote code execution that compromises confidentiality, integrity, and availability across the affected system's scope.
Mitigation is provided in WeGIA version 3.2.8, which fixes the validation issue. The GitHub security advisory (GHSA-mjgr-2jxv-v8qf) and the patching commit (a08f04de96d3caec85496d7a89a5b82d1960d9dd) detail the resolution and are available at the WeGIA repository. Security practitioners should upgrade immediately to patched versions.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file upload in public-facing web endpoint allows uploading and executing malicious .phar files (web shells), enabling exploitation of public-facing applications and web shell deployment for remote code execution.