CVE-2025-26614
Published: 18 February 2025
Description
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Security Summary
CVE-2025-26614 is a SQL injection vulnerability in the WeGIA open-source web manager application, which targets institutions with a focus on Portuguese-language users. The flaw resides in the `deletar_documento.php` endpoint and enables an authorized attacker to execute arbitrary SQL queries, potentially exposing sensitive information. WeGIA versions prior to 3.2.14 are affected, with the vulnerability rated at CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and mapped to CWE-89.
An attacker with low-privilege access (such as a standard authenticated user) can exploit this over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary SQL query execution, granting high-impact access to confidential data, modification of integrity, and potential denial of service through availability disruption.
The GitHub Security Advisory (GHSA-3qhx-gfqj-vm2j) confirms the issue is fixed in WeGIA version 3.2.14, urging all users to upgrade immediately. No workarounds are available.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in authenticated web app endpoint enables T1190 (exploit public-facing application over network), T1213.006 (arbitrary DB queries for data collection), and T1565.001 (data modification via SQL).