Blind SQL Injection Vulnerability in Kiwire Captive Portal
CVE-2025-11188

Currently unrated

Key Information:

Vendor: Synchroweb
Status: Kiwire
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-11188?

The Kiwire Captive Portal is susceptible to a blind SQL injection through the nas-id parameter. This vulnerability enables attackers to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the underlying database. It is crucial for organizations using this portal to apply the necessary security updates to mitigate risks associated with unauthorized database access.

Affected Version(s)

Kiwire 3.6

References

https://www.synchroweb.com/release-notes/kiwire/security

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Sep 30, 2025

JSON

Synchroweb

What is CVE-2025-11188?

Affected Version(s)

References

Timeline