CVE-2025-26614
Published: 18 February 2025
Summary
CVE-2025-26614 is a high-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the CVE by requiring timely identification, reporting, and patching of the SQL injection flaw fixed in WeGIA version 3.2.14.
Mandates validation of information inputs to the deletar_documento.php endpoint, preventing execution of arbitrary SQL queries via malicious input.
Enables deployment of web application firewalls at system boundaries to monitor and block SQL injection payloads targeting the vulnerable endpoint.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in authenticated web app endpoint enables T1190 (exploit public-facing application over network), T1213.006 (arbitrary DB queries for data collection), and T1565.001 (data modification via SQL).
NVD Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_documento.php` endpoint. This vulnerability allow an authorized attacker to execute arbitrary SQL queries, allowing…
more
access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Deeper analysisAI
CVE-2025-26614 is a SQL injection vulnerability in the WeGIA open-source web manager application, which targets institutions with a focus on Portuguese-language users. The flaw resides in the `deletar_documento.php` endpoint and enables an authorized attacker to execute arbitrary SQL queries, potentially exposing sensitive information. WeGIA versions prior to 3.2.14 are affected, with the vulnerability rated at CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and mapped to CWE-89.
An attacker with low-privilege access (such as a standard authenticated user) can exploit this over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary SQL query execution, granting high-impact access to confidential data, modification of integrity, and potential denial of service through availability disruption.
The GitHub Security Advisory (GHSA-3qhx-gfqj-vm2j) confirms the issue is fixed in WeGIA version 3.2.14, urging all users to upgrade immediately. No workarounds are available.
Details
- CWE(s)