CVE-2025-61606: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUm&nomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.
AI Analysis
Technical Summary
CVE-2025-61606 is an Open Redirect vulnerability (CWE-601) in the open source web management application WeGIA, affecting versions 3.4.12 and below. WeGIA is designed primarily for charitable institutions to manage their web presence and operations. The vulnerability resides in the control.php endpoint, within the nextPage parameter (metodo=listarUm&nomeClasse=FuncionarioControle). This parameter is not validated or sanitized against user-supplied input, so an attacker can craft URLs that redirect users to arbitrary external domains. Such open redirects can be exploited by threat actors to facilitate phishing attacks by redirecting victims to malicious websites that impersonate legitimate services, distribute malware payloads, or steal user credentials. The vulnerability does not require authentication but does require user interaction, as victims must click on a maliciously crafted link. The CVSS v4.0 base score is 4.8 (medium severity), reflecting the network attack vector, low attack complexity, no privileges required, user interaction needed, and limited impact on confidentiality and integrity. No known exploits are currently reported in the wild. The issue is resolved in WeGIA version 3.5.0, which validates the nextPage parameter to prevent arbitrary redirection. Organizations using affected versions should upgrade promptly to mitigate this risk.
Potential Impact
For European organizations, especially charitable institutions using WeGIA for web management, this vulnerability poses a moderate risk. Attackers can exploit the open redirect to conduct phishing campaigns targeting donors, volunteers, or staff by redirecting them to malicious sites that harvest credentials or deliver malware. This can lead to compromised user accounts, reputational damage, and potential financial losses. While the vulnerability itself does not directly compromise the application or its data, the indirect consequences of successful phishing or malware infections can be significant. Given the focus on charitable organizations, which may have limited cybersecurity resources, the risk of successful exploitation could be higher. Additionally, phishing attacks exploiting this vulnerability could be used as a stepping stone for more sophisticated attacks against European entities, including data breaches or fraud. The medium severity score reflects that while the vulnerability is not critical, it should not be ignored due to the potential for social engineering exploitation and downstream impacts.
Mitigation Recommendations
1. Immediately upgrade to WeGIA version 3.5.0 or later, which contains the fix for this vulnerability.
2. Implement strict input validation and sanitization on all URL parameters, especially those controlling redirection, to allow only trusted internal URLs or use a whitelist approach.
3. Employ web application firewalls (WAFs) with rules to detect and block suspicious redirect patterns or attempts to redirect to external domains.
4. Educate users and staff about the risks of phishing and the importance of verifying URLs before clicking, especially in emails or messages referencing the organization.
5. Monitor web server logs for unusual redirect requests or patterns indicative of exploitation attempts.
6. Consider implementing Content Security Policy (CSP) headers to restrict the domains to which browsers can navigate or load resources, reducing the impact of open redirects.
7. For organizations unable to upgrade immediately, consider temporary mitigation by disabling or restricting access to the vulnerable endpoint if feasible.
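The following is an added example, not code from WeGIA or from the 3.5.0 fix (which this page does not show). It illustrates two of the points above in one place: the allow-list check that recommendation 2 asks for on a redirect parameter such as nextPage (including the edge cases a naive "does it start with /" check misses: protocol-relative "//host", backslash variants and userinfo in the authority), and a log scan for recommendation 5 that flags control.php requests whose nextPage value would have sent the user off-site. The allowed host wegia.example.org, the fallback path /home.php, the /control.php path prefix and the sample access-log lines are all constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed: the host(s) the application itself is served from. Only these
# may be the target of an absolute-URL redirect; everything else is external.
ALLOWED_HOSTS = {"wegia.example.org"}


def _normalize(target):
    """Strip whitespace and fold backslashes, which browsers treat like "/"."""
    return target.strip().replace("\\", "/")


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Allow-list check for a redirect target such as WeGIA's nextPage value.

    Accepts only (a) a site-relative path starting with a single "/" or
    (b) an http(s) URL whose host is in allowed_hosts. Other hosts, other
    schemes, protocol-relative "//host", "/\\host" and "user@host" tricks
    are all rejected.
    """
    if not target:
        return False
    t = _normalize(target)
    # A CR/LF/NUL must never reach a Location header value.
    if any(c in t for c in "\r\n\x00"):
        return False
    parts = urlsplit(t)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only http(s) to an allowed host.
        if parts.scheme not in ("http", "https"):
            return False
        # .hostname drops userinfo and port, so "allowed@other" resolves to "other".
        return (parts.hostname or "").lower() in allowed_hosts
    # No scheme and no netloc: insist on a plain site-relative path.
    # Odd forms like "////host" parse with an empty netloc and land here too.
    return t.startswith("/") and not t.startswith("//")


def safe_next_page(target, default="/home.php", allowed_hosts=ALLOWED_HOSTS):
    """Hardened replacement for blindly emitting Location: <nextPage>.

    Returns the normalized target when it passes the check, otherwise a
    fixed in-application page (default is a constructed path, not a WeGIA route).
    """
    return _normalize(target) if is_safe_redirect(target, allowed_hosts) else default


# Apache/nginx "combined"-style access-log line; only the fields used are named.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_external_redirects(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Flag control.php requests whose nextPage value fails the allow-list check.

    Returns one dict per suspicious request, in log order.
    """
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        req = urlsplit(m.group("target"))
        # Match on the script name only; the path prefix depends on the deployment.
        if not req.path.endswith("/control.php"):
            continue
        # parse_qs percent-decodes the value, so "https%3A%2F%2F..." is checked as a URL.
        for value in parse_qs(req.query).get("nextPage", []):
            if not is_safe_redirect(value, allowed_hosts):
                hits.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "status": int(m.group("status")),
                    "nextPage": value,
                })
    return hits


# Constructed sample log lines (RFC 5737 addresses, reserved .example names).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Oct/2025:00:05:36 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=%2Ffuncionario%2Findex.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Oct/2025:00:06:01 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=https%3A%2F%2Fphish.example%2Fwegia HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Oct/2025:00:06:05 +0000] "GET /control.php?metodo=listarUm&nomeClasse=FuncionarioControle&nextPage=%2F%2Fphish.example%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [03/Oct/2025:00:07:12 +0000] "GET /home.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in find_external_redirects(SAMPLE_LOG.splitlines()):
        print(f'{hit["time"]} {hit["ip"]} status={hit["status"]} nextPage={hit["nextPage"]!r}')
```

Two of the four sample lines are flagged: the absolute https URL to the foreign host and the protocol-relative "//phish.example/" form; the site-relative first line and the unrelated home.php request are not. A WAF rule or SIEM query for recommendation 3 or 5 wants the same decision logic, which is why the validator and the scanner share is_safe_redirect rather than relying on a simple "contains http" substring match that misses the protocol-relative case.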
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-26T16:25:25.151Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68df13500005234f78f726a2
Added to database: 10/3/2025, 12:05:36 AM
Last enriched: 10/3/2025, 12:13:47 AM
Last updated: 10/3/2025, 5:22:04 AM