Open redirect in WeGIA - CVE-2025-53821

 


Published: April 30, 2026


Vulnerability identifier: #VU128697
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-53821
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: WeGIA
Software vendor: LabReDeS

Description

The vulnerability allows a remote attacker to redirect users to an arbitrary external site.

The vulnerability exists due to URL redirection to an untrusted site in the control.php endpoint when handling requests containing the nextPage parameter. A remote attacker can supply a crafted URL in the nextPage parameter to redirect users to an arbitrary external site.

User interaction is required to follow the crafted link.


Remediation

Install the security update from the vendor's website.
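
To check whether crafted links using the nextPage parameter have reached a deployment, the added example below (not part of this advisory or of WeGIA's code) scans web-server access logs for control.php requests whose nextPage value points off-site. The combined log format, the trusted hostname wegia.example.org and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Assumption: the hostname(s) the WeGIA deployment is served from.
TRUSTED_HOSTS = {"wegia.example.org"}

# Constructed access-log lines; all addresses and hosts are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/May/2026:10:00:01 +0000] "GET /control.php?nextPage=../html/home.php HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/May/2026:10:02:11 +0000] "GET /control.php?nextPage=https%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.10 - - [01/May/2026:10:03:40 +0000] "GET /control.php?nextPage=%2F%2Fphish.example%2F HTTP/1.1" 302 0',
    '203.0.113.11 - - [01/May/2026:10:04:02 +0000] "GET /control.php?nextPage=https://wegia.example.org/html/home.php HTTP/1.1" 302 0',
    '203.0.113.12 - - [01/May/2026:10:05:55 +0000] "GET /index.php?nextPage=https://phish.example/ HTTP/1.1" 200 512',
]


def is_off_site(value, trusted_hosts=TRUSTED_HOSTS):
    """True if a nextPage value would send the browser away from the trusted hosts."""
    # Browsers treat "\" like "/" and ignore whitespace/control characters in URLs.
    cleaned = re.sub(r"[\x00-\x20]", "", value).replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return True  # unparseable authority: report it for manual review
    if parts.scheme not in ("", "http", "https"):
        return True  # a non-web scheme is never a legitimate next page
    if parts.hostname is None:
        # Plain relative path stays on the site; "https:/host" style is malformed, so report it.
        return bool(parts.scheme)
    return parts.hostname not in trusted_hosts


def find_external_redirects(lines, trusted_hosts=TRUSTED_HOSTS):
    """Return (client_ip, nextPage value) for control.php requests pointing off-site."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        try:
            target = urlsplit(match.group(1)) if match else None
        except ValueError:
            continue  # malformed request target, nothing to parse
        if target is None or not target.path.endswith("/control.php"):
            continue
        for value in parse_qs(target.query).get("nextPage", []):  # parse_qs percent-decodes once
            if is_off_site(value, trusted_hosts):
                hits.append((line.split()[0], value))
    return hits
```

Only values carried in the query string appear in access logs; a nextPage value sent in a POST body needs application-level or WAF logging to be seen.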
