Cyber Resilience

CVE-2025-26612

CriticalPublic PoC

Published: 18 February 2025

Published
18 February 2025
Modified
28 February 2025
KEV Added
Patch
CVSS Score v4 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0051 67.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26612 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 33.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-26612 is a SQL injection vulnerability in the WeGIA open-source web manager application, which targets institutions and primarily serves Portuguese-language users. The flaw resides in the `adicionar_almoxarife.php` endpoint, enabling attackers to execute arbitrary SQL queries and gain unauthorized access to sensitive information. Associated with CWE-89, it carries a CVSS v3.1 base score of 9.8, reflecting its critical severity due to high impacts on confidentiality, integrity, and availability.

The vulnerability is exploitable remotely over the network with low complexity, requiring no authentication, privileges, or user interaction, and without changing the scope of impact. Any unauthenticated attacker able to reach the affected endpoint can inject malicious SQL payloads to extract, modify, or delete database contents, potentially compromising entire user databases, institutional records, or other sensitive data stored by WeGIA instances.

The GitHub Security Advisory (GHSA-9cwj-p4x6-pp88) confirms the issue has been patched in WeGIA version 3.2.13, urging all users to upgrade immediately. No workarounds are available.

EU & UK References

Vulnerability details

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `adicionar_almoxarife.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing…

more

unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The SQL injection vulnerability in the publicly accessible WeGIA web application endpoint directly enables remote unauthenticated exploitation of a public-facing application to access or manipulate database contents.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35395Same product: Wegia Wegia
CVE-2025-24906Same product: Wegia Wegia
CVE-2025-27133Same product: Wegia Wegia
CVE-2025-22141Same product: Wegia Wegia
CVE-2026-33134Same product: Wegia Wegia
CVE-2025-23219Same product: Wegia Wegia
CVE-2025-24902Same product: Wegia Wegia
CVE-2025-24958Same product: Wegia Wegia
CVE-2026-31895Same product: Wegia Wegia
CVE-2024-57034Same product: Wegia Wegia

Affected Assets

wegia
wegia
≤ 3.2.13

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates SQL injection by requiring validation of user inputs to the adicionar_almoxarife.php endpoint to block malicious SQL payloads.

prevent

Ensures timely identification, reporting, testing, and patching of flaws like the SQL injection fixed in WeGIA 3.2.13.

preventdetect

Requires vulnerability scanning that detects SQL injection flaws like CVE-2025-26612 in web applications and drives remediation.

References