{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53821", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-09T14:14:52.530Z", "datePublished": "2025-07-14T22:16:30.206Z", "dateUpdated": "2025-07-15T19:50:14.872Z"}, "containers": {"cna": {"title": "WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5"}], "affected": [{"vendor": "LabRedesCefetRJ", "product": "WeGIA", "versions": [{"version": "< 3.4.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-14T22:16:30.206Z"}, "descriptions": [{"lang": "en", "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue."}], "source": {"advisory": "GHSA-f5c2-jmm6-v2c5", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-15T13:26:51.059149Z", "id": "CVE-2025-53821", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T19:50:14.872Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53821", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-15T13:26:51.059149Z"}}}], "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T13:26:52.362Z"}}], "cna": {"title": "WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'", "source": {"advisory": "GHSA-f5c2-jmm6-v2c5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "LabRedesCefetRJ", "product": "WeGIA", "versions": [{"status": "affected", "version": "< 3.4.5"}]}], "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5", "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-14T22:16:30.206Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53821", "state": "PUBLISHED", "dateUpdated": "2025-07-15T19:50:14.872Z", "dateReserved": "2025-07-09T14:14:52.530Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-14T22:16:30.206Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*", "matchCriteriaId": "88671AF4-0D87-412C-BEF8-98C5736F8B52", "versionEndExcluding": "3.4.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue."}, {"lang": "es", "value": "WeGIA es un gestor web de c\u00f3digo abierto centrado en el idioma portugu\u00e9s y las instituciones ben\u00e9ficas. Existe una vulnerabilidad de redirecci\u00f3n abierta en la aplicaci\u00f3n web anterior a la versi\u00f3n 3.4.5. El endpoint control.php permite especificar una URL arbitraria mediante el par\u00e1metro `nextPage`, lo que provoca una redirecci\u00f3n incontrolada. La versi\u00f3n 3.4.5 contiene una soluci\u00f3n para este problema."}], "id": "CVE-2025-53821", "lastModified": "2025-07-18T20:08:33.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-14T23:15:23.980", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-f5c2-jmm6-v2c5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}