CVE-2025-62361 MEDIUM

CVE-2025-62361: WeGIA Open Redirect Vulnerability in `control.php` endpoint `nextPage` parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle)

Vendor Labredescefetrj

Product WeGIA

Weakness CWE-601 · Open redirect

Published October 13, 2025

Last update October 14, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This vulnerability is fixed in 3.5.0.

Key dates

02Disclosure timeline

October 13, 2025 CVE published

October 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62361 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

CVE-2025-62361: WeGIA Open Redirect Vulnerability in `control.php` endpoint `nextPage` parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle)

01Description

02Disclosure timeline

03References

04Related CVE