CVE-2025-62361

MEDIUM

Wegia < 3.5.0 - Open Redirect

Title source: rule

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This vulnerability is fixed in 3.5.0.

References (2)

[Exploit, Vendor Advisory] https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m99c-77f2-gpjx

[Patch] https://github.com/LabRedesCefetRJ/WeGIA/commit/2b53003b5956dbbf0ce554b680245f55ad869821

View Patch ZIP pw:eip

Scores

CVSS v3 6.1

EPSS 0.0003

EPSS Percentile 8.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

wegia/wegia < 3.5.0

Published Oct 13, 2025

Tracked Since Feb 18, 2026