Unrated severityNVD Advisory· Published Oct 2, 2025· Updated Oct 3, 2025

WeGIA: Open Redirect Vulnerability in `control.php` endpoint

CVE-2025-61606

Description

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.

Affected products

LabRedesCefetRJ/Wegiav5
Range: < 3.5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/LabRedesCefetRJ/WeGIA/commit/85051ad14b1e7fa14116e74a90c0bd5480b2ec84mitrex_refsource_MISC
github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m64v-hm7q-33wrmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000