CVE-2025-26606
Published: 18 February 2025
Summary
CVE-2025-26606 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates SQL injection in the informacao_adicional.php endpoint by validating and sanitizing untrusted user inputs before database query construction.
Requires identification, reporting, and correction of the SQL injection flaw, such as upgrading to WeGIA version 3.2.13 where the vulnerability is fixed.
Enables vulnerability scanning to identify the SQL injection vulnerability (CWE-89) prior to exploitation, facilitating timely remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public-facing web app directly maps to T1190 for remote exploitation; arbitrary SQL queries enable/facilitate data access from databases (T1213.006).
NVD Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `informacao_adicional.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing…
more
unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Deeper analysisAI
CVE-2025-26606 is a SQL injection vulnerability in the WeGIA open-source web manager application, which targets institutions and emphasizes Portuguese-language users. The flaw resides in the `informacao_adicional.php` endpoint, enabling attackers to execute arbitrary SQL queries and gain unauthorized access to sensitive information. It is associated with CWE-89 (SQL Injection) and CWE-284 (Improper Access Control), earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.
The vulnerability is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation allows arbitrary SQL query execution, potentially leading to full compromise of the database, including extraction, modification, or deletion of sensitive data.
The GitHub Security Advisory (GHSA-rxjr-cw9q-cwwg) confirms the issue is fixed in WeGIA version 3.2.13, urging all users to upgrade immediately, with no known workarounds available.
Details
- CWE(s)