CVE-2025-62359 is a reflected Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management application developed by LabRedesCefetRJ, primarily targeting Portuguese language users. The vulnerability exists in versions prior to 3.5.0 within the /pet/profile_pet.php endpoint, specifically in the id_pet GET parameter. The application fails to properly neutralize or sanitize input before rendering it in the web page, allowing attackers to inject arbitrary JavaScript code. This type of XSS is reflected, meaning the malicious script is embedded in a URL and executed immediately when a victim accesses the crafted link. The CVSS 4.0 vector indicates the attack can be performed remotely (AV:N) with low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and no impact on confidentiality, integrity, or availability (VC:N, VI:N, VA:N), but with slight scope change and low scope impact (SC:L, SI:L). Although the CVSS score is medium (5.3), the vulnerability can be leveraged for session hijacking, phishing, or delivering malware payloads via browser exploitation. No public exploits have been reported yet, but the presence of this vulnerability in an open-source institutional management system used by educational or organizational entities poses a risk. The issue is resolved in WeGIA version 3.5.0, which properly sanitizes input parameters to prevent script injection. Organizations using affected versions should upgrade promptly and consider additional mitigations such as input validation and security headers.

For European organizations, the impact of this vulnerability depends on the extent of WeGIA deployment, particularly in institutions managing Portuguese-speaking communities or educational entities. Successful exploitation could allow attackers to execute arbitrary scripts in users’ browsers, leading to session hijacking, unauthorized actions, or redirection to malicious sites. This can compromise user data confidentiality and trust in institutional platforms. While the vulnerability does not directly affect system integrity or availability, the indirect effects such as credential theft or phishing can lead to broader security incidents. Given the medium severity and ease of exploitation without user interaction or authentication, organizations with exposed WeGIA instances face a tangible risk. The impact is heightened in environments where users have elevated privileges or access sensitive information. Additionally, the reflected XSS could be used as a vector for delivering further malware or conducting social engineering attacks, increasing the overall threat landscape for affected European institutions.

1. Upgrade all WeGIA instances to version 3.5.0 or later immediately to apply the official fix. 2. Implement strict input validation and sanitization on all user-supplied data, especially URL parameters like id_pet, to prevent script injection. 3. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. 4. Use HTTP-only and Secure flags on cookies to protect session tokens from theft via XSS. 5. Conduct regular security audits and penetration testing focusing on input handling and injection vulnerabilities. 6. Educate users and administrators about the risks of clicking on suspicious links and encourage reporting of unusual behavior. 7. Monitor web server logs for unusual requests targeting the vulnerable endpoint to detect potential exploitation attempts. 8. If upgrading immediately is not feasible, consider implementing web application firewall (WAF) rules to block malicious payloads targeting the id_pet parameter.