CVE-2025-61606 in WeGIA

Summary

by MITRE • 10/03/2025

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUm&nomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.


Analysis

by VulDB Data Team • 10/07/2025

The CVE-2025-61606 vulnerability represents a critical open redirect flaw within the WeGIA web management platform, an open source solution designed for charitable institutions. This vulnerability exists in versions 3.4.12 and earlier, specifically in the control.php endpoint where the nextPage parameter is processed. The flaw stems from insufficient input validation and sanitization of user-supplied parameters, allowing malicious actors to manipulate the redirection flow. The vulnerability is particularly concerning as it affects a component that handles user authentication and authorization processes, making it a prime target for attackers seeking to exploit user trust and gain unauthorized access to sensitive systems.

The technical implementation of this vulnerability occurs within the metodo=listarUm&nomeClasse=FuncionarioControle parameter chain, where the system fails to properly validate or sanitize the nextPage parameter before using it in redirect operations. This creates an opportunity for attackers to supply malicious URLs that the application will redirect users to during subsequent interactions. The vulnerability aligns with the CWE-601 Open Redirect classification, which specifically addresses situations where applications redirect users to external domains without proper validation. The flaw operates at the application layer and can be exploited through various attack vectors including email phishing campaigns, malicious links in social media, or compromised web pages that direct users to attacker-controlled domains.

From an operational perspective, this vulnerability poses significant risks to charitable institutions that rely on WeGIA for their administrative functions. The open redirect can be leveraged to conduct sophisticated phishing attacks where users are redirected to fake login pages designed to capture credentials. Additionally, attackers could use the vulnerability to distribute malicious payloads or redirect users to websites hosting malware. The impact extends beyond immediate credential theft as it can enable further attacks including session hijacking, data exfiltration, and lateral movement within compromised networks. Organizations using affected versions face potential regulatory compliance issues and reputational damage if successful attacks occur, particularly given the sensitive nature of charitable institution data and donor information.

The remediation for this vulnerability requires immediate deployment of version 3.5.0 which includes proper input validation and sanitization mechanisms for the nextPage parameter. Security teams should implement comprehensive patch management procedures to ensure all instances of the vulnerable software are updated promptly. Additional defensive measures include implementing web application firewalls with rules to detect and block suspicious redirect patterns, conducting regular security assessments of web applications, and establishing monitoring procedures to detect potential exploitation attempts. Organizations should also consider implementing user education programs to raise awareness about phishing attacks and the importance of verifying URLs before entering sensitive information. The vulnerability demonstrates the critical importance of input validation in web applications and aligns with ATT&CK technique T1566.001 for credential harvesting through phishing, making it a significant concern for organizations implementing security controls and risk mitigation strategies.
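As an added example (not WeGIA's code, and not the patch shipped in 3.5.0), the following Python shows the allow-list check that the CWE-601 fix class calls for, applied to the nextPage value, together with a scan over constructed access-log lines that flags control.php requests whose nextPage points off-site, for the monitoring the remediation paragraph recommends. The query keys follow the summary above; the log format and the hostnames are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

def is_safe_next_page(value: str) -> bool:
    """Allow-list check for a post-action redirect target (CWE-601 fix pattern).

    Accepts only a site-relative path ("/something") and rejects anything a
    browser could resolve to another origin. Assumes the value has already
    been URL-decoded once, as PHP's $_GET does.
    """
    target = value.strip()
    if not target.startswith("/"):
        return False                     # empty, relative, or "scheme:..."
    if target[1:2] in ("/", "\\"):
        return False                     # "//host" and "/\host" are protocol-relative
    if any(ord(c) < 0x20 for c in target):
        return False                     # CR/LF could split the Location header
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc

LOG_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def find_unsafe_redirect_requests(log_lines):
    """Return (line_no, nextPage) for control.php requests carrying an off-site nextPage."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/control.php"):
            continue
        for next_page in parse_qs(url.query).get("nextPage", []):
            if not is_safe_next_page(next_page):
                hits.append((line_no, next_page))
    return hits

# Constructed access-log sample (not real traffic); hostnames are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Oct/2025:09:00:01 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=%2Findex.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [03/Oct/2025:09:00:02 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=https%3A%2F%2Fredirect.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.7 - - [03/Oct/2025:09:00:03 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=%2F%2Fredirect.example HTTP/1.1" 302 0',
    '198.51.100.7 - - [03/Oct/2025:09:00:04 +0000] "GET /index.php?nextPage=%2F%2Fredirect.example HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line_no, target in find_unsafe_redirect_requests(SAMPLE_LOG):
        print(f"line {line_no}: off-site nextPage {target!r}")
```

Only the second and third sample lines are reported; the fourth is ignored because it does not hit control.php, which keeps the rule scoped to the affected endpoint.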

Responsible: GitHub M

Reservation: 09/26/2025

Disclosure: 10/03/2025

Moderation: accepted

CPE: ready

EPSS: 0.00036

KEV: no

Activities: very low
