
CVE-2025-61606

Open Redirect

CVE-2025-61606: Open Redirect Vulnerability in control.php endpoint nextPage parameter

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-61606

Summary

An Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (when called with metodo=listarUm and nomeClasse=FuncionarioControle).

This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft.

Details

The application fails to validate and sanitize user input in the nextPage parameter.

As a result, attackers can craft malicious URLs that redirect users to external websites outside the trusted domain, undermining user trust and enabling social engineering attacks.

Vulnerable Endpoint: GET /WeGIA/controle/control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=https%3A%2F%2Fgoogle.com&id_funcionario=2

Parameter: nextPage

PoC

Request:

GET /WeGIA/controle/control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=https%3A%2F%2Fgoogle.com&id_funcionario=2 HTTP/1.1
Host: sec.wegia.org:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Referer: https://sec.wegia.org:8000/WeGIA/html/funcionario/informacao_funcionario.php
Cookie: {COOKIE}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i

The server accepts the crafted request and successfully redirects the victim to https://google.com instead of restricting navigation to the application’s own domain.
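To make the defect concrete, the following is an added example and not WeGIA's own code: it places the unsafe pattern (the client-supplied nextPage written straight into a Location header) beside a hardened safe_next_page() that only permits relative paths under the application's own prefix. The /WeGIA/ prefix, the fallback page and the function names are assumptions.

```php
<?php
// Added illustration of the CVE-2025-61606 pattern; not code from the WeGIA project.

// Vulnerable pattern (constructed): whatever the client sends becomes the redirect target,
// so nextPage=https://google.com is passed through unchanged.
function redirect_unsafe(string $nextPage): string {
    return 'Location: ' . $nextPage;
}

// Hardened replacement: accept only a same-site relative path, otherwise fall back.
// The /WeGIA/ prefix and the fallback page are assumptions for this example.
function safe_next_page(?string $nextPage, string $fallback = '/WeGIA/html/home.php'): string {
    if ($nextPage === null || $nextPage === '') {
        return $fallback;
    }
    // Reject anything that starts with a scheme: "https://", "javascript:", "data:" ...
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $nextPage)) {
        return $fallback;
    }
    // Reject protocol-relative and backslash variants: "//evil", "/\evil", "\evil".
    if (strpos($nextPage, '//') === 0 || strpos($nextPage, '/\\') === 0 || $nextPage[0] === '\\') {
        return $fallback;
    }
    // Require a single leading slash and no control characters (header injection guard).
    if ($nextPage[0] !== '/' || preg_match('/[\x00-\x1f\x7f]/', $nextPage)) {
        return $fallback;
    }
    // Defence in depth: parse_url must not see a scheme or host in what is left.
    $parts = parse_url($nextPage);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    // Restrict the target to the application's own path prefix (assumed to be /WeGIA/).
    if (!isset($parts['path']) || strpos($parts['path'], '/WeGIA/') !== 0) {
        return $fallback;
    }
    return $nextPage;
}

// Illustrative use in the controller: validate first, then redirect.
$target = safe_next_page($_GET['nextPage'] ?? null);
header('Location: ' . $target, true, 302);
exit;
```

With this check, the PoC value https://google.com and its variants (//google.com, /\google.com) all collapse to the fallback page, while an in-app path such as /WeGIA/html/funcionario/informacao_funcionario.php is still honoured.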

Impact

  • Phishing: Attackers can trick users into visiting malicious sites that mimic legitimate ones.
  • Credential theft: Fake login pages can capture user credentials.
  • Malware distribution: Victims may be redirected to websites hosting malicious software.
  • Reputation damage: Users may lose trust in the WeGIA platform if it is abused in phishing campaigns.

Reference

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m64v-hm7q-33wr

Finder

Marcelo Queiroz

By: CVE-Hunters
