CVE-2026-25239: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in pear pearweb
CVE-2026-25239 is a high-severity SQL injection vulnerability in the PEAR pearweb component prior to version 1.33.0. It arises from improper neutralization of special elements in SQL commands during the insertion of filenames into an API documentation queue. An unauthenticated attacker can manipulate the filename parameter to execute arbitrary SQL queries, potentially compromising data integrity and confidentiality. The vulnerability has been patched in version 1.33.0. No known exploits are currently reported in the wild. European organizations using pearweb versions before 1.
AI Analysis
Technical Summary
CVE-2026-25239 is a SQL injection vulnerability classified under CWE-89 affecting the pearweb product of the PEAR PHP framework and distribution system. The vulnerability exists in the apidoc queue insertion functionality, where the filename value inserted into the database is not properly sanitized or neutralized. This allows an attacker who can influence the filename parameter to inject malicious SQL commands, leading to unauthorized query manipulation. The vulnerability does not require authentication or user interaction, making it remotely exploitable over the network with low attack complexity. The impact primarily affects data integrity and confidentiality, as attackers could alter or exfiltrate sensitive data stored in the backend database. The vulnerability was patched in pearweb version 1.33.0, and users running earlier versions should upgrade immediately. Although no known exploits are reported in the wild, the CVSS score of 8.2 (High) reflects the seriousness of the flaw and the potential for severe damage if exploited. The vulnerability is particularly relevant for organizations that use PEAR components in their PHP environments, especially those that rely on pearweb for managing reusable PHP components and API documentation.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to unauthorized access to sensitive data, data corruption, or complete compromise of the backend database used by pearweb. This could affect internal development environments, software distribution systems, or any web applications relying on PEAR components. The breach of confidentiality and integrity could result in intellectual property theft, disruption of software supply chains, and damage to organizational reputation. Given the widespread use of PHP and PEAR in European web development, especially in sectors like finance, government, and technology, the impact could be significant. Furthermore, the vulnerability's ease of exploitation without authentication increases the risk of automated attacks targeting vulnerable systems. Organizations that have not patched pearweb may face compliance issues under GDPR if personal data is exposed or manipulated.
Mitigation Recommendations
The primary mitigation is to upgrade pearweb to version 1.33.0 or later, where the vulnerability is patched. Organizations should audit their PHP environments to identify any instances of pearweb and verify the version in use. Additionally, review and sanitize all inputs related to API documentation queues or filename parameters to ensure no unsanitized data reaches SQL queries. Implementing Web Application Firewalls (WAFs) with rules to detect and block SQL injection attempts targeting pearweb endpoints can provide temporary protection. Conduct code reviews and penetration testing focused on SQL injection vectors within PEAR components. Monitor logs for suspicious database query patterns or unexpected errors related to apidoc queue operations. Finally, establish a rapid patch management process to address future vulnerabilities in third-party PHP components promptly.
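The pattern the advisory describes (a filename interpolated into an INSERT, CWE-89) and the fix the mitigation section calls for, shown side by side as an added example. This is illustrative code, not pearweb's own: pearweb is PHP, where the equivalent fix is a PDO or mysqli prepared statement; here Python's sqlite3 module stands in for the database, and the table `apidoc_queue`, its columns, and every filename are constructed for the demonstration. The allowlist check at the end is the defence-in-depth input validation the mitigation text recommends, not a substitute for parameterised queries.

```python
"""Added example: CWE-89 in a queue-insert, vulnerable vs. parameterised.

sqlite3 stands in for pearweb's database; the schema and inputs are constructed.
"""
import re
import sqlite3


def make_queue_db() -> sqlite3.Connection:
    """Create an in-memory table standing in for the apidoc queue (constructed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE apidoc_queue (id INTEGER PRIMARY KEY, filename TEXT NOT NULL)"
    )
    return conn


def enqueue_vulnerable(conn: sqlite3.Connection, filename: str) -> None:
    """Builds the INSERT by string interpolation.

    Any quote in `filename` becomes part of the SQL statement rather than part
    of the stored value, so the caller controls the statement's structure.
    """
    sql = f"INSERT INTO apidoc_queue (filename) VALUES ('{filename}')"
    conn.execute(sql)


def enqueue_hardened(conn: sqlite3.Connection, filename: str) -> None:
    """Parameterised INSERT: `filename` travels as data, the statement is fixed."""
    conn.execute("INSERT INTO apidoc_queue (filename) VALUES (?)", (filename,))


def queued_filenames(conn: sqlite3.Connection) -> list:
    """Return the queue contents in insertion order."""
    return [row[0] for row in conn.execute("SELECT filename FROM apidoc_queue ORDER BY id")]


def is_valid_filename(name: str) -> bool:
    """Defence in depth: allowlist the characters a queued filename may contain.

    Rejecting quotes, parentheses and path separators up front limits what can
    reach the query at all; the parameterised statement is still the real fix.
    """
    return re.fullmatch(r"[A-Za-z0-9._-]{1,255}", name) is not None and ".." not in name


def demo(filename: str) -> dict:
    """Run one filename through both insert paths and report what each did."""
    result = {}

    conn = make_queue_db()
    try:
        enqueue_vulnerable(conn, filename)
        result["vulnerable"] = queued_filenames(conn)
    except sqlite3.Error as exc:
        # The value altered the statement's syntax: an error in the app, and a
        # signal in the database logs that something other than data arrived.
        result["vulnerable"] = f"error: {exc}"
    conn.close()

    conn = make_queue_db()
    enqueue_hardened(conn, filename)
    result["hardened"] = queued_filenames(conn)
    conn.close()
    return result


if __name__ == "__main__":
    # A legitimate filename containing an apostrophe breaks the vulnerable path
    # outright; the hardened path stores it verbatim.
    print(demo("O'Reilly.php"))
    # A value that closes the tuple adds a second row through the vulnerable
    # path; the hardened path stores the whole string as one filename.
    print(demo("a.php'), ('injected.php"))
    print(is_valid_filename("Foo_Bar-1.2.php"), is_valid_filename("a.php'), ('injected.php"))
```

The first case matters as much as the second for a defender: an ordinary filename with an apostrophe produces a database syntax error on the vulnerable path, which is exactly the kind of "unexpected error related to apidoc queue operations" the log-monitoring recommendation above is looking for. Parameterisation removes both the error and the injection because the driver never lets the value touch the statement text.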
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-30T14:44:47.329Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 698245bcf9fa50a62fda122b
Added to database: 2/3/2026, 7:00:12 PM
Last enriched: 2/11/2026, 11:41:26 AM
Last updated: 3/20/2026, 11:35:28 PM