Open redirect in WeGIA - CVE-2025-24020

 


Published: January 21, 2025 / Updated: May 2, 2026


Vulnerability identifier: #VU129031
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-24020
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LabReDeS
Affected software: WeGIA

Detailed vulnerability description

The vulnerability allows a remote user to redirect users to an arbitrary external site.

The vulnerability exists due to URL redirection to an untrusted site (CWE-601) in the control.php endpoint when it handles the nextPage parameter of a request. A remote user can supply a crafted nextPage value to redirect users to an arbitrary external site.

User interaction is required because a victim must follow the malicious redirect.
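
To check whether a deployment received such requests, the following added example (not from this advisory or from the WeGIA project) scans access-log lines for control.php requests whose nextPage value resolves to a host other than the site's own. The common/combined log format, the sample entries and the own-host name wegia.example.org are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def external_target(value, own_hosts):
    """Return the host a nextPage value points at, or None if it stays on-site."""
    # Browsers read "\" as "/" and drop tab/CR/LF, so normalise before parsing.
    cleaned = re.sub(r"[\t\r\n]", "", value.strip()).replace("\\", "/")
    try:
        host = urlsplit(cleaned).hostname  # set for "https://h/..." and "//h/..."
    except ValueError:                     # malformed authority: report it, don't crash
        return "<unparseable>"
    if host is None or host in own_hosts:
        return None
    return host

def scan(lines, own_hosts):
    """List (client, external_host, nextPage) for control.php requests that leave the site.

    Only query-string values appear in an access log; a nextPage sent in a
    POST body needs application-level logging instead.
    """
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/control.php"):
            continue
        for value in parse_qs(target.query).get("nextPage", []):  # percent-decoded
            host = external_target(value, own_hosts)
            if host:
                findings.append((line.split()[0], host, value))
    return findings

# Constructed sample entries (documentation IPs and example domains, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jan/2025:10:02:11 +0000] "GET /control.php?nextPage=..%2Fhome.php HTTP/1.1" 302 0',
    '203.0.113.9 - - [21/Jan/2025:10:05:40 +0000] "GET /control.php?nextPage=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 302 0',
    '198.51.100.4 - - [21/Jan/2025:10:06:02 +0000] "GET /control.php?nextPage=%2F%5Cexample.net%2Fa HTTP/1.1" 302 0',
    '198.51.100.4 - - [21/Jan/2025:10:07:13 +0000] "GET /control.php?nextPage=https%3A%2F%2Fwegia.example.org%2Fhome.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, host, value in scan(SAMPLE_LOG, {"wegia.example.org"}):
        print(f"{client} -> {host}  (nextPage={value!r})")
```

Pass every hostname the installation is served under in own_hosts, otherwise legitimate absolute links to the site itself are reported.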


How to mitigate CVE-2025-24020

Install the security update from the vendor's website.
