CVE-2025-61606 is an Open Redirect vulnerability classified under CWE-601 found in the open-source web management software WeGIA, which targets charitable institutions. The vulnerability exists in versions 3.4.12 and earlier, specifically within the control.php endpoint where the nextPage parameter is improperly validated. An attacker can craft a URL that manipulates this parameter to redirect users to arbitrary external domains without proper sanitization or validation. This redirection can be exploited to conduct phishing attacks by luring users to malicious websites, distribute malware payloads, or steal user credentials by impersonating legitimate services. The vulnerability does not require any authentication, making it accessible to unauthenticated attackers, but it does require user interaction to click on the malicious link. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), user interaction required (UI:A), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:N). The vulnerability has been addressed in WeGIA version 3.5.0, which includes proper validation and sanitization of the nextPage parameter to prevent open redirects. No known exploits are currently reported in the wild, but the risk remains significant due to the potential for social engineering attacks leveraging this flaw.

For European organizations, especially charitable institutions using WeGIA versions prior to 3.5.0, this vulnerability poses a risk of successful phishing campaigns and malware distribution. Attackers can exploit the open redirect to trick users into visiting malicious sites that may harvest credentials or deliver malicious payloads, potentially leading to data breaches or system compromise. While the direct impact on system integrity and availability is low, the indirect consequences through social engineering can be severe, including reputational damage and financial loss. Given the widespread use of open-source management tools in the nonprofit sector across Europe, organizations with limited cybersecurity resources are particularly vulnerable. The vulnerability's exploitation could also undermine trust in digital services provided by these institutions.

Organizations should immediately upgrade WeGIA to version 3.5.0 or later, where the vulnerability is patched. Until the upgrade is applied, administrators should implement strict input validation and sanitization on the nextPage parameter, possibly by restricting redirects to a whitelist of trusted internal URLs. Additionally, deploying web application firewalls (WAFs) with rules to detect and block suspicious redirect patterns can reduce risk. User awareness training focused on recognizing phishing attempts and suspicious URLs is critical to mitigate the social engineering aspect of this vulnerability. Monitoring web logs for unusual redirect requests and suspicious user activity can help detect exploitation attempts early. Finally, organizations should review and update their incident response plans to address potential phishing or malware incidents stemming from this vulnerability.