Denial of Service Vulnerability in WeGIA Web Manager by LabRedesCefetRJ
CVE-2025-27419

9.2CRITICAL

Key Information:

Vendor
Labredescefetrj
Status
Wegia
Vendor
CVE Published:
3 March 2025

Summary

WeGIA, an open-source web manager tailored for Portuguese-speaking institutions, is susceptible to a Denial of Service (DoS) vulnerability. This flaw enables unauthenticated users to disrupt server operations through aggressive spidering, leading to unresponsiveness. The root cause involves recursive crawling of dynamically generated URLs and inadequate management of high request volumes. A patch addressing this issue has been implemented in version 3.2.16.

Affected Version(s)

WeGIA < 3.2.16

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...
x_refsource_CONFIRM
https://github.com/LabRedesCefetRJ/WeGIA/commit/624ddfadb...
x_refsource_MISC

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-27419 : Denial of Service Vulnerability in WeGIA Web Manager by LabRedesCefetRJ | SecurityVulnerability.io