CVE-2025-24020

WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the control.php endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the nextPage parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue stems from the lack of validation for the nextPage parameter, which accepts external URLs as redirection destinations. This vulnerability can be exploited to perform phishing attacks or redirect users to malicious websites. Version 3.2.11 contains a fix for the issue.

Published: Jan 21, 2025
Updated: May 4, 2025
CVE: CVE-2025-24020
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
wegia / wegia	-	3.2.11

https://github.com/LabRedesCefetRJ/WeGIA/commit/89d98bf074cebf6c4ed95fca6f64e325c0b1d2f0
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.11
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-27g8-5q48-xmw6

Vulnerability Database

CVE-2025-24020

Deep Security Visibility Without the Complexity