Open redirect in WeGIA - CVE-2025-62361

 

Published: April 23, 2026


Vulnerability identifier: #VU127278
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-62361
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LabReDeS
Affected software:
WeGIA

Detailed vulnerability description

The vulnerability allows a remote user to redirect users to arbitrary external domains.

The vulnerability exists due to URL redirection to an untrusted site in the control.php endpoint when it handles the nextPage parameter in requests with metodo=listarTodos and nomeClasse=AlmoxarifeControle. A remote user can send a specially crafted request containing an external URL to redirect users to arbitrary external domains.

User interaction is required for a victim to follow the malicious redirect.
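
A log check for the request pattern described above, as an added example that is not part of the original advisory or of WeGIA's code: it flags requests to control.php with metodo=listarTodos and nomeClasse=AlmoxarifeControle whose nextPage value points off-site. The access-log format, the /app/ path prefix, the function names and the sample lines are assumptions constructed for illustration, and the check only sees parameters sent in the query string.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines; the /app/ prefix, client IPs and target values are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /app/control.php?metodo=listarTodos&nomeClasse=AlmoxarifeControle&nextPage=../html/list.php HTTP/1.1" 302 0
10.0.0.7 - - [01/Jan/2026:10:00:05 +0000] "GET /app/control.php?metodo=listarTodos&nomeClasse=AlmoxarifeControle&nextPage=https%3A%2F%2Fexternal.example%2Flogin HTTP/1.1" 302 0
10.0.0.9 - - [01/Jan/2026:10:00:09 +0000] "GET /app/control.php?metodo=listarTodos&nomeClasse=AlmoxarifeControle&nextPage=//external.example/x HTTP/1.1" 302 0
10.0.0.5 - - [01/Jan/2026:10:00:12 +0000] "GET /app/index.php?nextPage=https://external.example/ HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_external_target(value: str) -> bool:
    """Return True when a redirect target would leave the current origin."""
    # Browsers treat backslashes like slashes, so normalise before parsing.
    parts = urlsplit(value.strip().replace("\\", "/"))
    # A scheme (https:) or a host (//host, scheme-relative) means off-site.
    return bool(parts.scheme or parts.netloc)


def find_external_redirects(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, decoded nextPage) for each off-site redirect request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/control.php"):
            continue  # only the endpoint named in the advisory
        params = parse_qs(url.query)  # also percent-decodes the values
        if params.get("metodo") != ["listarTodos"]:
            continue
        if params.get("nomeClasse") != ["AlmoxarifeControle"]:
            continue
        for target in params.get("nextPage", []):
            if is_external_target(target):
                hits.append((line.split()[0], target))
    return hits


if __name__ == "__main__":
    for client, target in find_external_redirects(SAMPLE_LOG):
        print(f"{client} -> {target}")
```

The same `is_external_target` test, applied before a redirect is issued, is the kind of server-side check that prevents this class of issue (CWE-601).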


How to mitigate CVE-2025-62361

Install the security update from the vendor's website.
