
CVE-2025-62361: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in LabRedesCefetRJ WeGIA

Severity: Medium
Published: Mon Oct 13 2025 (10/13/2025, 21:27:38 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This vulnerability is fixed in 3.5.0.

AI-Powered Analysis

Last updated: 10/13/2025, 21:34:57 UTC

Technical Analysis

CVE-2025-62361 is an Open Redirect vulnerability (CWE-601) in WeGIA, the web management system for institutions developed by LabRedesCefetRJ and aimed at Portuguese language users. The flaw is in the control.php endpoint, in the nextPage parameter when it is used with the metodo=listarTodos and nomeClasse=AlmoxarifeControle parameters. Prior to version 3.5.0, the URL supplied in this parameter is not properly validated or sanitized, allowing an attacker to craft URLs that redirect users to arbitrary external domains. This redirection can be used to conduct phishing campaigns by luring users to malicious sites that mimic legitimate services, to distribute malware payloads, or to steal user credentials by impersonation. Exploitation requires no privileges or authentication, but it depends on user interaction: the victim must click or otherwise follow a crafted URL. The CVSS score of 4.8 (CVSS version 4.0) reflects medium severity: network attack vector, low attack complexity, no privileges required, but user interaction needed. All WeGIA versions prior to 3.5.0 are affected, and the vendor has addressed the issue in the 3.5.0 release. No public exploit code or active exploitation has been reported yet. The impact is primarily on confidentiality and integrity through social engineering and redirection, with limited direct impact on availability. This is typical of open redirect issues, where insufficient validation of redirect targets lets attackers abuse a trusted domain to facilitate attacks.

Potential Impact

For European organizations using WeGIA, particularly educational or institutional bodies serving Portuguese-speaking populations, this vulnerability poses a moderate risk. Attackers can exploit the open redirect to conduct phishing attacks that leverage the trust users place in the legitimate WeGIA domain, increasing the likelihood of credential theft or malware infection. This can lead to unauthorized access to sensitive institutional data or compromise of user accounts. While the vulnerability does not directly allow system compromise or data manipulation, the indirect effects via social engineering can have significant operational and reputational impacts. Additionally, institutions that integrate WeGIA with other internal systems may face cascading risks if credentials or sessions are compromised. The medium CVSS score reflects that while exploitation is straightforward, the need for user interaction and the limited scope of direct technical impact reduce the overall severity. However, given the critical nature of institutional data and user trust, the threat should not be underestimated.

Mitigation Recommendations

European organizations should immediately upgrade WeGIA installations to version 3.5.0 or later to remediate the vulnerability. Where immediate patching is not feasible, organizations should implement strict input validation and URL filtering on the nextPage parameter at the web application firewall (WAF) or reverse proxy level to block redirects to untrusted external domains. Security teams should monitor logs for suspicious redirect attempts and educate users about the risks of clicking unexpected links, especially those purporting to come from WeGIA. Implementing multi-factor authentication (MFA) can reduce the impact of credential theft resulting from phishing. Additionally, organizations should conduct phishing awareness campaigns tailored to the user base to reduce the likelihood of successful social engineering. Regular vulnerability scanning and penetration testing focused on open redirect and similar web vulnerabilities should be incorporated into security programs. Finally, reviewing outbound web traffic and blocking connections to known malicious domains can help contain exploitation attempts.
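For the log-monitoring recommendation above, one way to flag requests to control.php whose nextPage value points off-site (an added example, not code from WeGIA or from this advisory). It assumes Common/Combined Log Format access logs and a deployment hostname of wegia.example.org; the sample lines, the /wegia/ path prefix, hosts and IPs are constructed placeholders, and relative nextPage values are treated as local.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hostname(s) your own WeGIA deployment is served from.
TRUSTED_HOSTS = {"wegia.example.org"}
# Request line of a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
QS = "metodo=listarTodos&nomeClasse=AlmoxarifeControle&nextPage="

# Constructed sample lines; the /wegia/ prefix, hosts and IPs are placeholders.
SAMPLE_LOG = [
    f'203.0.113.7 - - [14/Oct/2025:09:12:01 +0000] "GET /wegia/control.php?{QS}..%2Fhtml%2Flist.php HTTP/1.1" 302 0',
    f'203.0.113.9 - - [14/Oct/2025:09:13:40 +0000] "GET /wegia/control.php?{QS}https%3A%2F%2Fwegia.example.org%2Fhome.php HTTP/1.1" 302 0',
    f'198.51.100.23 - - [14/Oct/2025:09:15:22 +0000] "GET /wegia/control.php?{QS}https%3A%2F%2Fexternal.example.net%2Flogin HTTP/1.1" 302 0',
    f'198.51.100.44 - - [14/Oct/2025:09:16:05 +0000] "GET /wegia/control.php?{QS}%2F%2Fexternal.example.net HTTP/1.1" 302 0',
]


def external_host(value):
    """Return the off-site host a redirect target resolves to, or None if local."""
    # Browsers drop tabs/newlines and read "\" as "/", so normalise before parsing.
    cleaned = re.sub(r"[\t\r\n]", "", value).strip().replace("\\", "/")
    try:
        host = (urlsplit(cleaned).hostname or "").lower()
    except ValueError:
        return "<unparseable>"  # malformed target: surface it for review
    return host if host and host not in TRUSTED_HOSTS else None


def scan(lines):
    """Return (client_ip, host) for control.php requests whose nextPage leaves the site."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if not target.path.endswith("/control.php"):
            continue
        # parse_qs percent-decodes the value, so encoded targets are caught too.
        for value in parse_qs(target.query).get("nextPage", []):
            host = external_host(value)
            if host:
                hits.append((line.split(" ", 1)[0], host))
    return hits


if __name__ == "__main__":
    for ip, host in scan(SAMPLE_LOG):
        print(f"nextPage points off-site: client={ip} target_host={host}")
```

The same host check can back a WAF or reverse-proxy rule on nextPage until the upgrade to 3.5.0 is in place.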


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-10T14:22:48.202Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 68ed702cefcc33289f469148

Added to database: 10/13/2025, 9:33:32 PM

Last enriched: 10/13/2025, 9:34:57 PM

Last updated: 10/16/2025, 6:45:02 AM
