CVE-2025-61606
MEDIUMWeGIA < 3.5.0 - Open Redirect via control.php nextPage Parameter
Title source: llmDescription
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.
References (2)
Core 2
Core References
Exploit, Mitigation, Vendor Advisory x_refsource_confirm
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m64v-hm7q-33wr
Scores
CVSS v3
6.1
EPSS
0.0020
EPSS Percentile
10.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (1)
wegia/wegia
< 3.5.0
Published
Oct 02, 2025
Tracked Since
Feb 18, 2026