CVE-2025-53821 MEDIUM

CVE-2025-53821: WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'

Vendor Labredescefetrj
Product WeGIA
Weakness CWE-601 · Open redirect
Published July 14, 2025
Last update July 15, 2025

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01 Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The `control.php` endpoint allows an arbitrary URL to be specified via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue.
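
For defenders still running a version before 3.4.5, the following added example (not code from WeGIA or from the CVE record) scans web access logs for `control.php` requests whose `nextPage` value would send a browser to a host outside the site. It assumes combined-format log lines, that `nextPage` appears in the query string, and a trusted host of `wegia.example.org`; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines; hosts, paths and addresses are illustrative.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Jul/2025:10:00:01 +0000] "GET /control.php?nextPage=home.php HTTP/1.1" 302 0
198.51.100.8 - - [14/Jul/2025:10:00:02 +0000] "GET /control.php?nextPage=https%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0
198.51.100.8 - - [14/Jul/2025:10:00:03 +0000] "GET /control.php?nextPage=%2F%2Fphish.example%2Fa HTTP/1.1" 302 0
198.51.100.8 - - [14/Jul/2025:10:00:04 +0000] "GET /control.php?nextPage=%2F%5Cphish.example HTTP/1.1" 302 0
198.51.100.9 - - [14/Jul/2025:10:00:05 +0000] "GET /control.php?nextPage=https%3A%2F%2Fwegia.example.org%2Fhome.php HTTP/1.1" 302 0
198.51.100.9 - - [14/Jul/2025:10:00:06 +0000] "GET /index.php?nextPage=https%3A%2F%2Fphish.example HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def redirect_host(next_page):
    """Return the host a browser would navigate to, or None for a same-site path."""
    # Browsers drop tabs/newlines and treat backslashes as slashes in URLs,
    # so normalise the value the same way before parsing it.
    cleaned = re.sub(r"[\t\r\n]", "", next_page.strip()).replace("\\", "/")
    try:
        return urlsplit(cleaned).hostname  # None for relative paths
    except ValueError:
        return "<unparseable>"  # malformed authority: surface it for review


def find_offsite_redirects(log_text, trusted_hosts):
    """Return (line number, host) for control.php hits redirecting off-site."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/control.php"):
            continue
        # parse_qs percent-decodes the value once, as the web server would.
        for value in parse_qs(target.query).get("nextPage", []):
            host = redirect_host(value)
            if host and host not in trusted_hosts:
                findings.append((lineno, host))
    return findings


if __name__ == "__main__":
    for lineno, host in find_offsite_redirects(SAMPLE_LOG, {"wegia.example.org"}):
        print(f"line {lineno}: nextPage redirects to {host}")
```

The trusted-host set should list every hostname the deployment legitimately serves; anything else reported is worth correlating with referrers and user reports of suspicious links.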

Key dates

02 Disclosure timeline

July 14, 2025 CVE published
July 15, 2025 Record updated