CVE-2025-24902 is a critical SQL Injection vulnerability identified in the WeGIA application, a web management platform designed for charitable institutions developed by LabRedesCefetRJ. The flaw exists specifically in the `salvar_cargo.php` endpoint, which is responsible for handling certain data submissions related to user roles or positions. This vulnerability arises from improper neutralization of special elements used in SQL commands (CWE-89), allowing an attacker with authorized access to inject arbitrary SQL queries. Exploitation of this vulnerability can lead to unauthorized access, modification, or deletion of sensitive data stored in the backend database. The CVSS 4.0 base score of 9.4 reflects the critical nature of this issue, highlighting its network attack vector (AV:N), low attack complexity (AC:L), no user interaction required (UI:N), and the fact that it requires privileges (PR:L) but no additional authentication tokens (AT:N). The impact metrics indicate high confidentiality, integrity, and availability impacts, with scope and security requirements also rated high. Although no known exploits are currently observed in the wild, the vulnerability poses a significant risk due to the ease of exploitation and the sensitive nature of the data managed by WeGIA. The vendor has addressed this vulnerability in version 3.2.12, and users are strongly advised to upgrade to this or later versions to mitigate the risk. No workarounds are available, emphasizing the importance of patching.

For European organizations, especially charitable institutions and NGOs utilizing the WeGIA platform, this vulnerability could have severe consequences. Exploitation could lead to unauthorized disclosure of donor information, financial data, or internal organizational details, potentially violating GDPR and other data protection regulations. Data integrity could be compromised, leading to manipulation or deletion of critical records, which could disrupt operations and damage organizational reputation. Availability impacts could result from destructive SQL commands, causing service outages or data loss. Given the criticality and ease of exploitation, attackers could leverage this vulnerability to conduct espionage, fraud, or sabotage. The lack of known exploits currently provides a window for proactive mitigation, but the risk of future exploitation remains high. European organizations must consider the regulatory and reputational risks alongside operational impacts.

1. Immediate upgrade to WeGIA version 3.2.12 or later is mandatory to remediate the vulnerability. 2. Conduct a thorough audit of database logs and application activity to detect any signs of exploitation prior to patching. 3. Implement strict access controls to limit authorized user privileges, minimizing the risk posed by authorized attackers. 4. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the `salvar_cargo.php` endpoint until patching is complete. 5. Review and enhance input validation and parameterized query usage throughout the application to prevent similar injection flaws. 6. Establish continuous monitoring and alerting for anomalous database queries or application behavior. 7. Train developers and administrators on secure coding practices and vulnerability management specific to SQL injection. 8. For organizations unable to immediately patch, consider isolating the affected application environment and restricting network access to reduce exposure.