CVE-2025-53530 HIGH

CVE-2025-53530: WeGIA allows Uncontrolled Resource Consumption via the errorstr parameter

Vendor Labredescefetrj
Product WeGIA
Weakness CWE-770 · Uncontrolled resource consumption
Published July 7, 2025
Last update July 7, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

WeGIA is a web manager for charitable institutions. The WeGIA server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. The issue arises because the length of the errorstr parameter is not validated. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks. This vulnerability is fixed in version 3.3.0.
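A detection sketch for the condition described above, added here as an example and not taken from WeGIA or the CVE record: it scans web access logs for GET requests whose errorstr value is abnormally long. The combined log format, the `/placeholder/page.php` path (the record does not name the URL), the 256-character threshold and the sample lines are all assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed policy value, not from the advisory: longest errorstr treated as normal.
MAX_ERRORSTR_LEN = 256

# Hypothetical path; the CVE record only says "a specific URL".
SAMPLE_PATH = "/placeholder/page.php"

# Common/combined log format: client, identity, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def oversized_errorstr(lines, limit=MAX_ERRORSTR_LEN):
    """Return (ip, status, url_len, errorstr_len) for GETs whose errorstr exceeds limit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # unparseable line or not a GET request
        target = m["target"]
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        # Length is measured after percent-decoding; the raw URL length is reported too.
        longest = max((len(v) for v in params.get("errorstr", [])), default=0)
        if longest > limit:
            hits.append((m["ip"], int(m["status"]), len(target), longest))
    return hits

def hits_per_client(hits):
    """Count flagged requests per client address to spot repeated senders."""
    return Counter(ip for ip, *_ in hits)

def _line(ip, target, status):
    return f'{ip} - - [07/Jul/2025:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 512'

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    _line("198.51.100.7", SAMPLE_PATH + "?errorstr=" + "A" * 8000, 504),
    _line("198.51.100.7", SAMPLE_PATH + "?errorstr=" + "A" * 8000, 200),
    _line("203.0.113.5", SAMPLE_PATH + "?errorstr=invalid_login", 200),
    _line("203.0.113.9", "/index.php", 200),
]

if __name__ == "__main__":
    for hit in oversized_errorstr(SAMPLE_LOG):
        print(hit)
```

The same length limit can be enforced in front of the application (web server or reverse proxy request-line limits) on installations that cannot yet move to 3.3.0.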

Key dates

02 Disclosure timeline

July 7, 2025 CVE published
July 7, 2025 Record updated