Blind SQL Injection Vulnerability in Kiwire Captive Portal
CVE-2025-11188

7.3HIGH

Key Information:

Vendor

Synchroweb

Status
Kiwire
Vendor
CVE Published:
10 October 2025

What is CVE-2025-11188?

The Kiwire Captive Portal is susceptible to a blind SQL injection through the nas-id parameter. This vulnerability enables attackers to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the underlying database. It is crucial for organizations using this portal to apply the necessary security updates to mitigate risks associated with unauthorized database access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kiwire 3.6

References

https://www.synchroweb.com/release-notes/kiwire/security

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.