SB2025012199 - Open redirect in WeGIA
Published: January 21, 2025 Updated: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Open redirect (CVE-ID: CVE-2025-24020)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to redirect users to an arbitrary external site.
The vulnerability exists due to url redirection to untrusted site in the control.php endpoint when handling the nextPage parameter in requests. A remote user can supply a crafted nextPage value to redirect users to an arbitrary external site.
User interaction is required because a victim must follow the malicious redirect.
Remediation
Install update from vendor's website.