CVE-2025-53821

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5	Exploit Vendor Advisory
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-14 23:15

Updated : 2025-07-18 20:08

NVD link : CVE-2025-53821

Mitre link : CVE-2025-53821

CVE.ORG link : CVE-2025-53821

JSON object : View

Products Affected

wegia

wegia

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2025-53821", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-07-14T23:15:23.980", "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue."}, {"lang": "es", "value": "WeGIA es un gestor web de c\u00f3digo abierto centrado en el idioma portugu\u00e9s y las instituciones ben\u00e9ficas. Existe una vulnerabilidad de redirecci\u00f3n abierta en la aplicaci\u00f3n web anterior a la versi\u00f3n 3.4.5. El endpoint control.php permite especificar una URL arbitraria mediante el par\u00e1metro `nextPage`, lo que provoca una redirecci\u00f3n incontrolada. La versi\u00f3n 3.4.5 contiene una soluci\u00f3n para este problema."}], "lastModified": "2025-07-18T20:08:33.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88671AF4-0D87-412C-BEF8-98C5736F8B52", "versionEndExcluding": "3.4.5"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}