SB2025012199 - Open redirect in WeGIA



SB2025012199 - Open redirect in WeGIA

Published: January 21, 2025 Updated: May 2, 2026

Security Bulletin ID SB2025012199
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Open redirect (CVE-ID: CVE-2025-24020)

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to redirect users to an arbitrary external site.

The vulnerability exists due to url redirection to untrusted site in the control.php endpoint when handling the nextPage parameter in requests. A remote user can supply a crafted nextPage value to redirect users to an arbitrary external site.

User interaction is required because a victim must follow the malicious redirect.


Remediation

Install update from vendor's website.