CVE-2025-61606

MEDIUM EPSS 10.9%
Published Oct 2, 2025 (9mo ago) · Modified Jun 17, 2026 (1w ago)
4.8 CVSS 4.0
Medium

Description

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability in the control.php endpoint, specifically in the nextPage parameter when the request targets the employee controller (metodo=listarUm, nomeClasse=FuncionarioControle). The parameter value is used as the redirect target without being restricted to the application's own site, so an attacker who gets a user to follow a crafted link can send that user to an arbitrary external domain, enabling phishing campaigns, malicious payload distribution, or credential theft. This issue is fixed in version 3.5.0.
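
The check a fix for this class of bug needs, together with a retrospective hunt over web-server logs for the same endpoint, as an added example. This is illustration code for this page, not WeGIA's code (WeGIA is PHP) and not the project's actual patch; the handler functions only emulate the shape of the flaw described above (control.php reading nextPage and redirecting to it verbatim). DEFAULT_PAGE, the query-string layout, the host name wegia.example and the sample log lines are all constructed assumptions.

```python
"""
CWE-601 check for a ``nextPage``-style redirect parameter.

Added illustration for CVE-2025-61606, not WeGIA code (WeGIA is PHP) and not
the project's actual fix. The handler functions only emulate the shape of the
flaw the advisory describes: control.php reading ``nextPage`` and redirecting
to it verbatim. DEFAULT_PAGE, the query layout and the sample log lines are
constructed for this example.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

DEFAULT_PAGE = "/html/home.php"  # assumed fallback landing page


def is_safe_redirect(target: str, app_host: str) -> bool:
    """True only if *target* stays on *app_host*.

    Handles the usual open-redirect bypasses: other-host absolute URLs,
    scheme-relative ``//evil``, backslash forms (``/\\evil``) that browsers
    normalise to ``//evil``, userinfo tricks (``https://app@evil``),
    non-http schemes such as ``javascript:``, percent-encoded variants and
    control characters.
    """
    if not target:
        return False
    t = unquote(target).strip()
    if any(ord(c) < 0x20 for c in t):
        return False
    t = t.replace("\\", "/")  # browsers treat backslashes as slashes here
    try:
        parts = urlsplit(t)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False
        return (parts.hostname or "") == app_host.lower()
    if parts.netloc:  # scheme-relative URL, authority is attacker-chosen
        return False
    # Only app-absolute paths: one leading slash, not "//" or "///".
    return t.startswith("/") and not t.startswith("//")


def redirect_target_vulnerable(params: dict) -> str:
    """Flawed pattern: the user-supplied nextPage is used as-is."""
    return params.get("nextPage") or DEFAULT_PAGE


def redirect_target_hardened(params: dict, app_host: str) -> str:
    """Hardened pattern: off-site or malformed targets fall back to DEFAULT_PAGE."""
    target = params.get("nextPage", "")
    return target if is_safe_redirect(target, app_host) else DEFAULT_PAGE


# Constructed access-log lines in combined format (not real WeGIA traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Oct/2025:10:01:12 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=/html/home.php HTTP/1.1" 302 0
203.0.113.9 - - [02/Oct/2025:10:02:41 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=https://phish.example/login HTTP/1.1" 302 0
203.0.113.9 - - [02/Oct/2025:10:03:05 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=%2F%5Cphish.example HTTP/1.1" 302 0
203.0.113.11 - - [02/Oct/2025:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 5120
"""

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})'
)


def find_external_redirects(log_text: str, app_host: str) -> list:
    """Return (client_ip, nextPage) for control.php requests whose nextPage is off-site."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, request_target = m.group(1), m.group(2)
        url = urlsplit(request_target)
        if not url.path.endswith("/control.php"):
            continue
        # parse_qs percent-decodes, so the %2F%5C variant is caught too
        for nxt in parse_qs(url.query).get("nextPage", []):
            if not is_safe_redirect(nxt, app_host):
                hits.append((ip, nxt))
    return hits


if __name__ == "__main__":
    for ip, nxt in find_external_redirects(SAMPLE_LOG, "wegia.example"):
        print(f"off-site nextPage from {ip}: {nxt!r}")
```

The same predicate serves both sides: a handler uses it to fall back to a fixed landing page, and the log scan uses it to find requests that would have been redirected off-site on an unpatched 3.4.x instance. Comparing `hostname` rather than the raw `netloc` is what defeats the `https://app@evil` and explicit-port variants; rejecting anything that still starts with `//` after backslash normalisation is what defeats `/\evil` and `///evil`.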

CVSS Details

Base Score 4.8
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Attack Requirements None
Privileges Required Low
User Interaction Active
Vulnerable System Impact Confidentiality Low, Integrity Low, Availability None
Subsequent System Impact Confidentiality Low, Integrity Low, Availability None

Threat Intelligence

EPSS Exploit Probability
10.9% (EPSS probability)
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-601

Affected Products 1

Vendor   Product   Version   Range
wegia    wegia     *         <3.5.0

References 2

  • github.com https://github.com/LabRedesCefetRJ/WeGIA/commit/85051ad14b1e7fa14116e74a90c0bd5480b2ec84
    Patch
  • github.com https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m64v-hm7q-33wr
    Exploit, Mitigation, Vendor Advisory

Remediation

  • github.com https://github.com/LabRedesCefetRJ/WeGIA/commit/85051ad14b1e7fa14116e74a90c0bd5480b2ec84
    Patch