CVE-2025-24901

HighPublic PoC

Published: 03 February 2025

Published

03 February 2025

Modified

13 February 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0051 66.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-24901 is a SQL injection vulnerability (CWE-89) affecting the WeGIA web application, a Web Manager for Charitable Institutions. The issue is located in the `deletar_permissao.php` endpoint and allows execution of arbitrary SQL queries. It impacts versions of WeGIA prior to 3.2.12 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An authorized attacker with low privileges can exploit this vulnerability remotely over the network with low attack complexity and without requiring user interaction. Successful exploitation enables the execution of arbitrary SQL queries, potentially granting access to sensitive information or allowing its deletion, with high impacts on confidentiality, integrity, and availability.

The GitHub Security Advisory (GHSA-jp48-94wm-3gmc) confirms the issue has been fixed in WeGIA version 3.2.12, urging all users to upgrade immediately. No workarounds are available.

Details

CWE(s): CWE-89

Affected Products

wegia

≤ 3.2.12

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

SQL injection in a public-facing web app endpoint directly enables T1190 by allowing remote arbitrary SQL execution with low-priv access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jp48-94wm-3gmc
Exploit, Vendor Advisory · security-advisories@github.com