Open redirect in WeGIA - CVE-2025-61606

 


Published: April 23, 2026


Vulnerability identifier: #VU127276
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-61606
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LabReDeS
Affected software:
WeGIA

Detailed vulnerability description

The vulnerability allows a remote user to redirect users to arbitrary external domains.

The vulnerability exists due to URL redirection to an untrusted site in the control.php endpoint when it processes the nextPage parameter in requests with metodo=listarUm and nomeClasse=FuncionarioControle. A remote user can send a crafted request with a malicious nextPage value to redirect users to arbitrary external domains.

User interaction is required for the redirect to occur.
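
A log check for the behaviour described above, as an added example that is not part of the original advisory or of WeGIA's code: it scans web access logs for control.php requests whose nextPage value would leave the site. The trusted hostname, the request path prefix and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hostnames this WeGIA deployment is served from.
TRUSTED_HOSTS = {"wegia.example.org"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Apr/2026:10:00:01 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=..%2Fhome.php%3Fid%3D3 HTTP/1.1" 302 0
192.0.2.11 - - [23/Apr/2026:10:00:05 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=https%3A%2F%2Fother.example%2Flogin HTTP/1.1" 302 0
192.0.2.12 - - [23/Apr/2026:10:00:09 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=%2F%5Cother.example HTTP/1.1" 302 0
192.0.2.13 - - [23/Apr/2026:10:00:12 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=https%3A%2F%2Fwegia.example.org%2Fhome.php HTTP/1.1" 302 0
192.0.2.14 - - [23/Apr/2026:10:00:15 +0000] "GET /index.php?nextPage=https%3A%2F%2Fother.example%2F HTTP/1.1" 200 512
"""

def next_page_is_external(value, trusted=TRUSTED_HOSTS):
    """True when a nextPage value would send the browser off the trusted hosts."""
    # Browsers read "\" as "/", drop whitespace/control characters and
    # collapse extra leading slashes, so normalise those before parsing.
    cleaned = re.sub(r"[\x00-\x20]", "", value).replace("\\", "/")
    cleaned = re.sub(r"^/{2,}", "//", cleaned)
    try:
        parts = urlsplit(cleaned)
        host = (parts.hostname or "").lower()
    except ValueError:
        return True  # unparseable target: treat as suspicious
    if parts.scheme:
        return parts.scheme.lower() not in ("http", "https") or host not in trusted
    return bool(host) and host not in trusted  # no host means a relative path

def find_external_redirects(log_text, trusted=TRUSTED_HOSTS):
    """Return (line_number, nextPage) for control.php requests that leave the site."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/control.php"):
            continue
        for value in parse_qs(target.query).get("nextPage", []):  # percent-decoded
            if next_page_is_external(value, trusted):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in find_external_redirects(SAMPLE_LOG):
        print(f"line {number}: external nextPage {value!r}")
```

Access logs record only the query string, so nextPage values sent in a POST body need the same check applied at a reverse proxy or WAF.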


How to mitigate CVE-2025-61606

Install the security update from the vendor's website.

Sources