CVE-2026-25240 is a SQL injection vulnerability identified in the pearweb component of the PEAR PHP framework, specifically in versions prior to 1.33.0. The vulnerability arises in the user::maintains() function when role filters are supplied as an array and directly interpolated into an SQL IN clause without proper sanitization or parameterization. This improper neutralization of special elements (CWE-89) allows an unauthenticated remote attacker to inject arbitrary SQL commands, potentially manipulating the database query logic. The vulnerability does not require authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is mainly on confidentiality, with limited integrity or availability effects. No known exploits have been reported in the wild yet. The issue was addressed by the pearweb maintainers in version 1.33.0 by correcting the query construction to safely handle role filters, likely through parameterized queries or proper escaping. Organizations using pearweb in their PHP applications should review their versions and upgrade promptly to avoid exploitation.

For European organizations, the primary impact of this vulnerability is the potential unauthorized disclosure of sensitive data stored in databases accessed via pearweb. Attackers exploiting this SQL injection could extract user information, configuration details, or other confidential data, leading to privacy breaches and compliance violations under regulations like GDPR. While the vulnerability does not directly enable data modification or service disruption, the confidentiality compromise alone can damage organizational reputation and incur regulatory penalties. Since pearweb is a PHP component used in web applications, any public-facing services using vulnerable versions are at risk of remote exploitation without authentication. This risk is heightened for organizations relying on pearweb for user management or role-based access control, as attackers could leverage injected queries to bypass security controls. The absence of known exploits suggests a window of opportunity for proactive mitigation. European entities with extensive PHP infrastructure, especially those in financial, governmental, or technology sectors, should consider this vulnerability a moderate threat to their data security posture.

1. Upgrade pearweb to version 1.33.0 or later immediately to apply the official patch that fixes the SQL injection vulnerability. 2. Conduct a thorough code audit of all PHP applications using pearweb, focusing on any custom code that manipulates role filters or constructs SQL queries with user-supplied input. 3. Refactor vulnerable code to use parameterized queries or prepared statements rather than string interpolation for SQL commands, especially when handling arrays or lists in IN clauses. 4. Implement strict input validation and sanitization for all user inputs that influence database queries. 5. Employ web application firewalls (WAFs) with rules designed to detect and block SQL injection attempts targeting pearweb endpoints. 6. Monitor logs and network traffic for unusual query patterns or error messages indicative of attempted SQL injection. 7. Educate developers on secure coding practices related to database access and input handling to prevent similar vulnerabilities. 8. If upgrading is not immediately feasible, consider applying temporary mitigations such as restricting access to vulnerable endpoints or disabling features that use role filters in queries.