CVE-2025-26612
Published: 18 February 2025
Summary
CVE-2025-26612 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 33.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates SQL injection by requiring validation of user inputs to the adicionar_almoxarife.php endpoint to block malicious SQL payloads.
Ensures timely identification, reporting, testing, and patching of flaws like the SQL injection fixed in WeGIA 3.2.13.
Requires vulnerability scanning that detects SQL injection flaws like CVE-2025-26612 in web applications and drives remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The SQL injection vulnerability in the publicly accessible WeGIA web application endpoint directly enables remote unauthenticated exploitation of a public-facing application to access or manipulate database contents.
NVD Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `adicionar_almoxarife.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing…
more
unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Deeper analysisAI
CVE-2025-26612 is a SQL injection vulnerability in the WeGIA open-source web manager application, which targets institutions and primarily serves Portuguese-language users. The flaw resides in the `adicionar_almoxarife.php` endpoint, enabling attackers to execute arbitrary SQL queries and gain unauthorized access to sensitive information. Associated with CWE-89, it carries a CVSS v3.1 base score of 9.8, reflecting its critical severity due to high impacts on confidentiality, integrity, and availability.
The vulnerability is exploitable remotely over the network with low complexity, requiring no authentication, privileges, or user interaction, and without changing the scope of impact. Any unauthenticated attacker able to reach the affected endpoint can inject malicious SQL payloads to extract, modify, or delete database contents, potentially compromising entire user databases, institutional records, or other sensitive data stored by WeGIA instances.
The GitHub Security Advisory (GHSA-9cwj-p4x6-pp88) confirms the issue has been patched in WeGIA version 3.2.13, urging all users to upgrade immediately. No workarounds are available.
Details
- CWE(s)