Cyber Resilience

CVE-2025-26610

CriticalPublic PoC

Published: 18 February 2025

Published
18 February 2025
Modified
28 February 2025
KEV Added
Patch
CVSS Score v4 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0053 67.8th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26610 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-26610 is a SQL injection vulnerability (CWE-89) affecting WeGIA, an open source Web Manager for Institutions primarily focused on Portuguese language users. The issue resides in the `restaurar_produto_desocultar.php` endpoint, where an authorized attacker can execute arbitrary SQL queries to access sensitive information. Published on 2025-02-18, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.

The vulnerability can be exploited remotely over the network with low attack complexity, requiring no privileges (PR:N), no user interaction, and no special scoping changes. Despite the description noting an "authorized attacker," the CVSS vector suggests unauthenticated access is feasible, allowing arbitrary SQL execution that could lead to data exfiltration, modification, or denial of service on the underlying database.

The vulnerability has been addressed in WeGIA version 3.2.13, and all users are strongly advised to upgrade. No workarounds are available. For full details, refer to the GitHub Security Advisory at https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6p7c-9hcx-jpqj.

EU & UK References

Vulnerability details

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `restaurar_produto_desocultar.php` endpoint. This vulnerability allow an authorized attacker to execute arbitrary SQL queries, allowing…

more

access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

SQL injection vuln in public-facing web app directly enables T1190 (Exploit Public-Facing Application); arbitrary SQL queries facilitate T1213.006 (Databases) for sensitive data access, T1565.001 (Stored Data Manipulation) for modifications, and T1485 (Data Destruction) for DoS via DB operations.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33991Same product: Wegia Wegia
CVE-2025-26614Same product: Wegia Wegia
CVE-2026-31896Same product: Wegia Wegia
CVE-2025-30364Same product: Wegia Wegia
CVE-2025-30367Same product: Wegia Wegia
CVE-2026-23723Same product: Wegia Wegia
CVE-2025-24957Same product: Wegia Wegia
CVE-2024-57035Same product: Wegia Wegia
CVE-2024-57031Same product: Wegia Wegia
CVE-2025-23218Same product: Wegia Wegia

Affected Assets

wegia
wegia
≤ 3.2.13

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of untrusted inputs to the restaurar_produto_desocultar.php endpoint, preventing SQL injection payloads from altering database queries.

prevent

Mandates timely identification, reporting, and patching of the SQL injection flaw fixed in WeGIA version 3.2.13.

detect

Requires vulnerability scanning that would identify the SQL injection vulnerability in the WeGIA application prior to exploitation.

References