CVE-2025-53530 | THREATINT

Description

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks. This vulnerability is fixed in 3.3.0.

PUBLISHED Reserved 2025-07-02 | Published 2025-07-07 | Updated 2025-07-07 | Assigner GitHub_M

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

< 3.3.0

affected

References

github.com/.../WeGIA/security/advisories/GHSA-562r-xgj9-2r7p

cve.org (CVE-2025-53530)

nvd.nist.gov (CVE-2025-53530)

Download JSON