Open redirect in WeGIA - CVE-2025-53821

 


Published: April 30, 2026


Vulnerability identifier: #VU128697
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-53821
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LabReDeS
Affected software:
WeGIA

Detailed vulnerability description

The vulnerability allows a remote attacker to redirect users to an arbitrary external site.

The vulnerability exists due to URL redirection to an untrusted site in the control.php endpoint when handling requests that contain the nextPage parameter. A remote attacker can supply a crafted URL in the nextPage parameter to redirect users to an arbitrary external site.

User interaction is required to follow the crafted link.
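
A defensive check for the behaviour described above, added here as an example and not taken from WeGIA or from this advisory: it scans web-server access logs for control.php requests whose nextPage value resolves to a host other than your own. The combined log format, the /app/ path, and the host names wegia.example.org and phish.example.net are assumptions made for the constructed sample.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx combined log format; only the quoted request line is parsed.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def external_target(value, own_hosts):
    """Return the off-site host a nextPage value points to, or None if it stays local."""
    # Browsers treat backslashes like slashes, so normalise before parsing.
    candidate = value.strip().replace("\\", "/")
    try:
        host = (urlsplit(candidate).hostname or "").lower()
    except ValueError:
        return "(unparseable)"  # malformed authority: worth a manual look
    # Absolute (https://host/...) and scheme-relative (//host/...) values both carry a host.
    if host and host not in own_hosts:
        return host
    return None

def find_redirect_attempts(log_lines, own_hosts):
    """Return (line_number, host) for control.php requests whose nextPage leaves the site."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # The advisory names only the file, so match on the file name, not a full path.
        if not target.path.lower().endswith("control.php"):
            continue
        for value in parse_qs(target.query).get("nextPage", []):
            host = external_target(value, own_hosts)
            if host:
                hits.append((number, host))
    return hits

# Constructed sample log lines (documentation IP ranges and example domains).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/May/2026:10:00:01 +0000] "GET /app/control.php?nextPage=..%2Fhtml%2Fhome.php HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/May/2026:10:02:14 +0000] "GET /app/control.php?nextPage=https%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/May/2026:10:02:40 +0000] "GET /app/control.php?nextPage=%2F%2Fphish.example.net%2Fx HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/May/2026:10:05:02 +0000] "GET /app/control.php?nextPage=https%3A%2F%2Fwegia.example.org%2Fhtml%2Fhome.php HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/May/2026:10:06:30 +0000] "GET /app/index.php?nextPage=https%3A%2F%2Fphish.example.net HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, host in find_redirect_attempts(SAMPLE_LOG, {"wegia.example.org"}):
        print(f"line {number}: nextPage points to {host}")
```

Only query-string values show up in access logs; a nextPage value sent in a POST body will not be seen by this check.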


How to mitigate CVE-2025-53821

Install the security update from the vendor's website.
