Open Redirect Vulnerability in WeGIA Web Manager from LabRedesCefetRJ
CVE-2025-61606

4.8MEDIUM

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 2 October 2025

🔔 Create Labredescefetrj Vulnerability Alert

What is CVE-2025-61606?

WeGIA, an open-source web manager for charitable organizations, is susceptible to an Open Redirect vulnerability found in the control.php endpoint. This flaw, specifically in the nextPage parameter, allows malicious actors to redirect users to arbitrary external domains. Such exploitation can lead to phishing campaigns, the delivery of harmful payloads, or the theft of user credentials. Users are encouraged to upgrade to version 3.5.0 where this issue has been addressed.

Affected Version(s)

WeGIA < 3.5.0

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

https://github.com/LabRedesCefetRJ/WeGIA/commit/85051ad14...

x_refsource_MISC

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2025
Vulnerability Reserved
Sep 26, 2025

JSON