CVE-2025-22598: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.
AI Analysis
Technical Summary
CVE-2025-22598 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management application developed by LabRedesCefetRJ, which is used primarily by charitable institutions. The vulnerability exists in the cadastrarSocio.php endpoint, specifically in the handling of the local_recepcao parameter. Due to improper neutralization of input during web page generation (CWE-79), an attacker can inject malicious JavaScript code into this parameter. Because the vulnerability is of the stored XSS type, the injected script is saved on the server and executed automatically whenever any user accesses the affected page. This can lead to a range of attacks including session hijacking, credential theft, unauthorized actions on behalf of users, and distribution of malware. The CVSS v3.1 base score is 8.3, indicating a high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact on confidentiality and integrity is high, while availability impact is low. The vulnerability affects all versions of WeGIA prior to 3.2.8, where the issue has been fixed. No known exploits are currently reported in the wild, but the nature of stored XSS vulnerabilities makes them attractive targets for attackers, especially in applications handling sensitive user data. The vulnerability arises from insufficient input validation and output encoding, allowing malicious scripts to be stored and later executed in the context of legitimate users' browsers.
Potential Impact
For European organizations, especially charitable institutions or NGOs using the WeGIA platform, this vulnerability poses significant risks. Exploitation could lead to theft of sensitive personal data of donors, beneficiaries, and staff, undermining trust and potentially violating GDPR regulations concerning data protection and privacy. Attackers could hijack user sessions, perform unauthorized transactions or data modifications, and spread malware or phishing attacks through the trusted application interface. This could result in reputational damage, financial loss, and regulatory penalties. Given that WeGIA is a niche product for charitable organizations, the impact is concentrated but critical for affected entities. The stored nature of the XSS increases the risk of widespread impact within an organization once the malicious payload is injected. Additionally, the requirement for user interaction (e.g., visiting the affected page) means social engineering or phishing could be used to increase exploitation success.
Mitigation Recommendations
Organizations using WeGIA should immediately upgrade to version 3.2.8 or later where the vulnerability is patched. Until the upgrade is applied, implement strict input validation and output encoding on the local_recepcao parameter to neutralize any potentially malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the browser context. Conduct thorough security testing and code reviews focusing on input handling and output encoding throughout the application. Educate users about the risks of clicking on suspicious links or interacting with unexpected content within the application. Monitor logs for unusual input patterns or repeated attempts to exploit the cadastrarSocio.php endpoint. If upgrading is delayed, consider temporarily disabling or restricting access to the vulnerable endpoint to reduce exposure. Finally, ensure incident response plans are updated to handle potential XSS exploitation scenarios.
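As an added illustration of the validate, encode and CSP measures recommended above (example code written for this page, not WeGIA's own cadastrarSocio.php), the following minimal PHP handler stores and renders a local_recepcao field safely; the PDO handle $pdo, the table name socio and its column are assumptions, as is the 100-character length rule.

```php
<?php
// Added illustrative example, not WeGIA's code. Assumes a PDO handle $pdo,
// a table "socio" with a column "local_recepcao", and that the page renders
// the stored value back into HTML for every visitor.
declare(strict_types=1);

// 1. Validate on the way in. A reception location is a short printable string
//    (assumed business rule); control characters are rejected outright.
function validate_local_recepcao(string $raw): string
{
    $value = trim($raw);
    if ($value === '' || mb_strlen($value, 'UTF-8') > 100) {
        throw new InvalidArgumentException('local_recepcao must be 1-100 characters');
    }
    if (preg_match('/[\x00-\x1F\x7F]/u', $value) === 1) {
        throw new InvalidArgumentException('local_recepcao contains control characters');
    }
    return $value;
}

// 2. Encode on the way out. ENT_QUOTES covers attribute contexts as well as
//    element bodies; ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying
//    the output.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 3. Defence in depth: a CSP with no 'unsafe-inline' means an encoding miss
//    elsewhere in the page is not automatically executable. Must be sent
//    before any output.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $local = validate_local_recepcao((string) ($_POST['local_recepcao'] ?? ''));
        $stmt = $pdo->prepare('INSERT INTO socio (local_recepcao) VALUES (:local)');
        $stmt->execute([':local' => $local]);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit(h($e->getMessage()));
    }
}

// The stored-XSS pattern this replaces is echoing $row['local_recepcao'] raw.
foreach ($pdo->query('SELECT local_recepcao FROM socio') as $row) {
    echo '<li>' . h($row['local_recepcao']) . '</li>';
}
```

Validation alone is not the fix: the value is made inert by encoding at the point of output, and the CSP only limits the damage of a missed encoding.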
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-01-07T15:07:26.774Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ae0f66ad5a09ad005b18c2
Added to database: 8/26/2025, 7:47:50 PM
Last enriched: 8/26/2025, 8:03:01 PM
Last updated: 9/2/2025, 12:34:20 AM