CVE-2025-3893: While editing pages managed by MegaBIP a user with high privileges is prompted to give a reasoning for performing this a
info
vulnerability
security
Summary
CVE-2025-3893 is a SQL injection vulnerability (a type of attack where malicious code is inserted into a database query) in MegaBIP that occurs when users with high privileges edit pages and provide reasoning for their actions. The user input is not sanitized (cleaned of potentially harmful code), allowing attackers to manipulate the database. This vulnerability has a CVSS severity score of 8.6 (HIGH), indicating it is serious.
Solution / Mitigation
Version 5.20 of MegaBIP fixes this issue.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Moderate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-3893
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%