CVE-2025-26605
Published: 18 February 2025
Summary
CVE-2025-26605 is a high-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validating information inputs against expected syntax and semantics, directly preventing SQL injection in the deletar_cargo.php endpoint due to insufficient input validation.
SI-2 mandates identifying, prioritizing, and remediating flaws, directly addressing the need to upgrade WeGIA to version 3.2.13 where this SQL injection vulnerability is fixed.
RA-5 requires vulnerability scanning of applications, which would detect and enable remediation of SQL injection flaws like CVE-2025-26605 prior to exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in a publicly accessible web application directly enables T1190 (Exploit Public-Facing Application) via network-accessible arbitrary SQL execution.
NVD Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries,…
more
allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Deeper analysisAI
CVE-2025-26605 is a SQL injection vulnerability (CWE-89) in the WeGIA open-source web manager application, which targets institutions and primarily serves Portuguese-language users. The flaw resides in the `deletar_cargo.php` endpoint, where insufficient input validation allows arbitrary SQL query execution. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.
An authorized attacker with low privileges, such as a legitimate user account, can exploit this over the network with low complexity and no user interaction required. Successful exploitation enables execution of arbitrary SQL queries, potentially granting access to sensitive information stored in the database, including unauthorized data extraction, modification, or deletion.
The GitHub security advisory (GHSA-6gv7-4j8g-cvgp) confirms the issue has been fixed in WeGIA version 3.2.13, urging all users to upgrade immediately. No workarounds are available.
Details
- CWE(s)