CVE-2025-26611
Published: 18 February 2025
Summary
CVE-2025-26611 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection in the remover_produto.php endpoint by enforcing validation of user inputs prior to database query construction.
Addresses the vulnerability through flaw remediation by requiring upgrade to WeGIA version 3.2.13 where the SQL injection is patched.
Complements input validation by restricting input types, formats, and scanning for malicious SQL payloads.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in unauthenticated public-facing web endpoint directly enables T1190 for remote exploitation; arbitrary SQL execution facilitates T1213.006 for database data access, exfiltration, modification, and deletion.
NVD Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `remover_produto.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing…
more
unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Deeper analysisAI
CVE-2025-26611 is a SQL injection vulnerability in the WeGIA open-source web manager application, primarily targeted at Portuguese-language institutional users. The flaw resides in the `remover_produto.php` endpoint, where insufficient input validation allows attackers to inject and execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive information in the underlying database.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network with low complexity, no authentication privileges, and no user interaction required. Any unauthenticated attacker with network access to a vulnerable WeGIA instance can leverage this to execute arbitrary SQL commands, enabling data exfiltration, modification, deletion, or escalation to full database compromise.
The GitHub Security Advisory (GHSA-q273-4vcj-qqp4) confirms the issue was addressed in WeGIA version 3.2.13, urging all users to upgrade immediately. No workarounds are available.
Details
- CWE(s)