
CVE-2025-53530

Denial of Service (DoS)

CVE-2025-53530: Uncontrolled Resource Consumption in WeGIA parameter errorstr

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-53530

Summary

The WeGIA server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. The issue arises because the length of the errorstr parameter is not validated. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks.

Details

Vulnerable Endpoint: GET https://comfirewall.wegia.org:8000/WeGIA?errorstr=AAAA...

  • The parameter errorstr in the URL allows attackers to add an arbitrary amount of data up to 8,142 characters.
  • There is no validation for the length of the errorstr parameter processed by the server.
  • During testing, the parameter was extended with repeated characters (errorstr=-value-), causing resource exhaustion, timeouts, and errors in socket connections.

PoC

Steps to reproduce the issue:

  • Execute the following HTTP GET request to reproduce the issue:

  curl "https://comfirewall.wegia.org:8000/WeGIA?errorstr=$(python3 -c 'print("A"*8000)')"

  • To simulate a high-load attack, use the wrk tool:

  wrk -t12 -c400 -d60s "https://comfirewall.wegia.org:8000/WeGIA?errorstr=$(python3 -c 'print("A"*8000)')"

Updated Test Results with wrk:

  • 20,180 requests were processed in 1 minute.
  • 719 timeouts and 134 read errors occurred, indicating the server struggled to respond to the load.
  • Average latency was 249.77ms, with peaks reaching 2 seconds.
  • The server attempted to handle the load but demonstrated significant resource exhaustion, confirming its vulnerability to DoS attacks.

Impact

This is a Denial of Service vulnerability. Any unauthenticated user with access to tools like OWASP ZAP can exploit this issue to make the server unresponsive. This affects the availability of the application and could disrupt business operations. The lack of rate limiting and recursive crawling restrictions increases the risk and makes the vulnerability exploitable by low-skilled attackers.
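
A log-triage check for the request pattern described above, added here as an example and not taken from the advisory or the WeGIA project: it scans access-log lines for requests whose errorstr value exceeds a length limit and counts them per client. The combined log format, the 256-character limit, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed limit: an errorstr value longer than this is treated as abusive.
MAX_ERRORSTR_LEN = 256
# Assumed combined-log-format prefix: client IP ... "METHOD target HTTP/x.y"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def errorstr_length(target):
    """Return the longest decoded errorstr value in a request target, or 0 if absent."""
    query = urlsplit(target).query
    values = parse_qs(query, keep_blank_values=True).get("errorstr", [])
    return max((len(v) for v in values), default=0)


def oversized_by_client(lines, limit=MAX_ERRORSTR_LEN):
    """Count requests per client IP whose errorstr exceeds the limit."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        if errorstr_length(m.group("target")) > limit:
            hits[m.group("ip")] += 1
    return hits


def sample_log():
    """Constructed sample lines (documentation IP ranges), not real traffic."""
    long_value = "A" * 8000
    prefix = '198.51.100.7 - - [01/Jul/2025:10:00:0%d +0000] "GET /WeGIA?errorstr='
    return [
        (prefix % 0) + long_value + ' HTTP/1.1" 200 512',
        (prefix % 1) + long_value + ' HTTP/1.1" 504 0',
        '203.0.113.9 - - [01/Jul/2025:10:00:02 +0000] "GET /WeGIA?errorstr=Invalid+login HTTP/1.1" 200 512',
        '203.0.113.9 - - [01/Jul/2025:10:00:03 +0000] "GET /WeGIA/ HTTP/1.1" 200 2048',
        "malformed line",
    ]


if __name__ == "__main__":
    for ip, count in oversized_by_client(sample_log()).most_common():
        print(f"{ip}\t{count} oversized errorstr request(s)")
```

The same length threshold can be enforced at the application or reverse proxy so that oversized errorstr values are rejected before they are processed.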

Reference

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-562r-xgj9-2r7p

Finder

Rafael Corvino

Contributors

Diego Castro

Elisangela Mendonça

Natan Maia Morette

By: CVE-Hunters
