CVE-2025-62361: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This vulnerability is fixed in 3.5.0.
AI Analysis
Technical Summary
CVE-2025-62361 identifies an Open Redirect vulnerability (CWE-601) in the WeGIA web management system developed by LabRedesCefetRJ, primarily targeting Portuguese language institutions. The vulnerability resides in the nextPage parameter of the control.php endpoint, which fails to properly validate or sanitize user-supplied URLs. Attackers can exploit this by crafting URLs that redirect users from the legitimate WeGIA domain to arbitrary external websites. Such redirection can be leveraged in phishing campaigns to trick users into divulging credentials or downloading malware, exploiting the trust users place in the original domain. The vulnerability does not require authentication but does require user interaction, such as clicking a malicious link. The CVSS 4.8 score reflects medium severity, considering the network attack vector, low complexity, no privileges required, but user interaction needed and limited impact on confidentiality and integrity. The vulnerability affects all versions prior to 3.5.0, which includes many deployments that have not yet upgraded. Although no known exploits have been reported in the wild, the vulnerability's nature makes it a viable vector for social engineering attacks. The issue is resolved in WeGIA version 3.5.0 by properly validating the nextPage parameter to restrict redirection only to trusted internal pages. Organizations using WeGIA should verify their version and apply the update promptly. Additionally, monitoring for suspicious URL patterns and educating users about phishing risks can reduce exploitation likelihood.
Potential Impact
For European organizations using WeGIA, this vulnerability presents a moderate risk primarily through social engineering and phishing attacks. Attackers can exploit the open redirect to craft convincing URLs that appear to originate from a trusted institutional domain, increasing the success rate of credential theft or malware delivery. This can lead to compromised user accounts, unauthorized access to sensitive institutional data, and potential lateral movement within networks. The impact on confidentiality and integrity is limited but non-negligible, as attackers do not directly gain system access but can leverage stolen credentials or malware payloads. Availability impact is minimal. Given the focus on Portuguese language users, institutions in European countries with significant Portuguese-speaking populations or academic/cultural ties to Brazil and Portugal may be more targeted. The medium severity rating suggests that while the vulnerability is not critical, it should not be ignored, especially in sectors like education, research, and public administration where WeGIA is deployed. Failure to patch could facilitate targeted phishing campaigns against staff and students, potentially leading to broader security incidents.
Mitigation Recommendations
1. Upgrade all WeGIA installations to version 3.5.0 or later, where the open redirect vulnerability is fixed.
2. Implement strict input validation and URL whitelisting on the nextPage parameter to ensure redirection only occurs to internal, trusted URLs.
3. Deploy web application firewalls (WAFs) with rules to detect and block suspicious redirect attempts or anomalous URL parameters.
4. Conduct user awareness training focused on recognizing phishing attempts, especially those involving suspicious redirects from trusted domains.
5. Monitor web server logs and network traffic for unusual redirect patterns or spikes in external URL requests originating from WeGIA.
6. Consider implementing multi-factor authentication (MFA) to reduce the impact of credential theft resulting from phishing.
7. Regularly audit and update all third-party components and dependencies to minimize exposure to known vulnerabilities.
8. Establish incident response procedures to quickly address phishing or malware incidents linked to this vulnerability.
These steps go beyond generic advice by focusing on both technical fixes and organizational preparedness tailored to the nature of this open redirect issue.
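Recommendations 2 and 5 rest on the same test: is a nextPage value a relative, same-site reference or not. The following is an added example, not WeGIA's code or its 3.5.0 fix; it applies that test to access-log entries to surface control.php requests whose nextPage leaves the site. The combined log format, the /control.php path, the hosts and the internal page name are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed log format: Apache/nginx "combined". Only the client IP and the
# request target are needed.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def is_internal_target(value):
    """Allow only a relative, same-site reference: no scheme, no host."""
    # Backslashes, whitespace and control characters are rejected outright
    # because browsers may normalise them into a different URL.
    if not value or "\\" in value or any(ord(c) <= 0x20 for c in value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    return not parts.scheme and not parts.netloc

def find_external_redirects(log_lines):
    """Return (client_ip, nextPage) pairs for control.php requests whose
    nextPage value points off-site."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        try:
            url = urlsplit(m.group("target"))
        except ValueError:
            continue
        if not url.path.endswith("control.php"):
            continue
        # parse_qs percent-decodes, so encoded values are compared in clear.
        for value in parse_qs(url.query).get("nextPage", []):
            if not is_internal_target(value):
                hits.append((m.group("ip"), value))
    return hits

# Constructed sample entries (documentation IP ranges, placeholder hosts/paths).
_PREFIX = '"GET /control.php?metodo=listarTodos&nomeClasse=AlmoxarifeControle&nextPage='
SAMPLE_LOG = [
    f'203.0.113.10 - - [13/Oct/2025:10:00:01 +0000] {_PREFIX}..%2Fhtml%2Fconstructed_page.php HTTP/1.1" 302 0',
    f'198.51.100.7 - - [13/Oct/2025:10:00:05 +0000] {_PREFIX}https%3A%2F%2Fexternal.example%2Flogin HTTP/1.1" 302 0',
    f'198.51.100.8 - - [13/Oct/2025:10:00:09 +0000] {_PREFIX}%2F%2Fexternal.example%2F HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, target in find_external_redirects(SAMPLE_LOG):
        print(f"external nextPage from {ip}: {target}")
```

The same predicate, ported to the application's language, is the server-side check recommendation 2 asks for: refuse the redirect whenever it returns false.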
Affected Countries
Portugal, Spain, France, Germany, United Kingdom, Netherlands, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-10T14:22:48.202Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ed702cefcc33289f469148
Added to database: 10/13/2025, 9:33:32 PM
Last enriched: 10/21/2025, 12:39:08 AM
Last updated: 12/3/2025, 11:25:26 PM