Platform
php
Component
wegia
Opgelost in
3.2.9
CVE-2025-22133 describes a critical Remote Code Execution (RCE) vulnerability within WeGIA, a web manager for charitable institutions. This flaw allows attackers to upload and execute malicious files, potentially leading to complete system compromise. The vulnerability affects versions of WeGIA prior to 3.2.8, and a patch is available in version 3.2.8.
The impact of CVE-2025-22133 is severe. An attacker can leverage this vulnerability to upload and execute arbitrary code on the server hosting WeGIA. This could lead to complete system takeover, data exfiltration (including sensitive donor information and financial records), and disruption of charitable operations. The ability to execute arbitrary code grants the attacker the highest level of access, effectively allowing them to control the entire system. Successful exploitation could also be used as a pivot point to compromise other systems within the organization's network, expanding the blast radius significantly.
CVE-2025-22133 was publicly disclosed on 2025-01-07. The vulnerability's ease of exploitation, combined with the critical nature of the affected systems (charitable organizations often handling sensitive data), suggests a potential for active exploitation. No public proof-of-concept (POC) code has been publicly released as of this writing, but the vulnerability's simplicity makes it likely that POCs will emerge. Its severity warrants close monitoring and proactive mitigation.
Charitable institutions and organizations utilizing WeGIA for web management are at significant risk. Specifically, organizations running older, unpatched versions of WeGIA (≤ 3.2.8) are highly vulnerable. Shared hosting environments where multiple organizations share the same server infrastructure are also at increased risk, as a compromise of one WeGIA instance could potentially impact others.
• linux / server: Monitor web server access logs for requests to /WeGIA/html/socio/sistema/controller/controla_xlsx.php with unusual file extensions (e.g., .phar). Use journalctl -f to observe file upload activity.
grep -i 'phar' /var/log/apache2/access.log• generic web: Use curl to test the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint with a .phar file upload. Check the response headers for any errors or unexpected behavior.
curl -F '[email protected]' http://your-wegia-server/WeGIA/html/socio/sistema/controller/controla_xlsx.phpdisclosure
Exploit Status
EPSS
0.42% (62% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-22133 is to immediately upgrade WeGIA to version 3.2.8 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict file uploads to only explicitly allowed file types. Implement strict file size limits to prevent the upload of large, potentially malicious files. Consider using a Web Application Firewall (WAF) to filter out suspicious file uploads. Monitor WeGIA logs for unusual file upload activity. After upgrading, verify the fix by attempting to upload a known malicious .phar file; it should be rejected.
Actualice WeGIA a la versión 3.2.8 o superior. Esta versión corrige la vulnerabilidad de carga de archivos arbitrarios. Se recomienda realizar una copia de seguridad antes de actualizar.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2025-22133 is a critical RCE vulnerability in WeGIA, a web manager for charitable institutions, allowing attackers to execute arbitrary code through malicious file uploads.
You are affected if you are using WeGIA version 3.2.8 or earlier. Upgrade to 3.2.8 to mitigate the risk.
Upgrade WeGIA to version 3.2.8. As a temporary workaround, restrict file uploads and implement WAF rules.
While no active exploitation has been confirmed, the vulnerability's simplicity suggests a high probability of exploitation.
Refer to the WeGIA official website or security advisories for the latest information and updates regarding CVE-2025-22133.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.