CVE-2025-61606 | THREATINT

Description

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-02 | Updated 2025-10-03 | Assigner GitHub_M

MEDIUM: 4.8CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Product status

< 3.5.0

affected

References

github.com/.../WeGIA/security/advisories/GHSA-m64v-hm7q-33wr

github.com/...ommit/85051ad14b1e7fa14116e74a90c0bd5480b2ec84

cve.org (CVE-2025-61606)

nvd.nist.gov (CVE-2025-61606)

Download JSON