CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-24020: WeGIA Open Redirect vulnerability

4.8 CVSS

Description

WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the `nextPage` parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.

Classification

CVE ID: CVE-2025-24020

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.8

Affected Products

Vendor: LabRedesCefetRJ

Product: WeGIA

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 23.55% (scored less or equal to compared to others)

EPSS Date: 2025-02-19 (when was this score calculated)

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-27g8-5q48-xmw6
https://github.com/LabRedesCefetRJ/WeGIA/commit/89d98bf074cebf6c4ed95fca6f64e325c0b1d2f0
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.11

Timeline

2025-01-22 00:30:54 UTC
CVE

WeGIA Open Redirect vulnerability