CVE-2025-62598 identifies a reflected cross-site scripting (XSS) vulnerability in the WeGIA open-source web management system developed by LabRedesCefetRJ, targeting Portuguese language institutions. The vulnerability exists in the editar_info_pessoal.php endpoint, specifically in the 'action' GET parameter, which fails to properly neutralize user input before embedding it into the web page. This improper input sanitization allows attackers to craft malicious URLs that, when visited by a user, execute arbitrary JavaScript in the context of the victim's browser session. The vulnerability does not require authentication, user interaction, or privileges, making it easier to exploit remotely. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and no impact on confidentiality, integrity, or availability (VC:N/VI:N/VA:N), but with scope changed (S:I), which suggests the vulnerability affects components beyond the initially vulnerable code. Although no known exploits are reported in the wild, the vulnerability poses risks such as session hijacking, credential theft, or redirection to malicious sites. The issue was addressed in WeGIA version 3.5.1 by implementing proper input validation and output encoding to neutralize the injected scripts. Organizations using WeGIA versions prior to 3.5.1 are vulnerable and should upgrade promptly to mitigate risk.

For European organizations, especially those operating in education, government, or institutions serving Portuguese-speaking communities, this vulnerability could lead to unauthorized script execution in users' browsers. This can result in session hijacking, theft of sensitive information, or redirection to phishing or malware sites. Although the CVSS score is medium and the vulnerability does not directly compromise system confidentiality, integrity, or availability, the exploitation can facilitate further attacks such as credential theft or lateral movement. The lack of required authentication and user interaction increases the risk of widespread exploitation if attackers distribute malicious links. This is particularly concerning for institutions with large user bases or those handling sensitive personal data. Additionally, the reflected XSS could undermine user trust and compliance with data protection regulations such as GDPR if personal data is compromised through secondary attacks.

1. Immediately upgrade all WeGIA instances to version 3.5.1 or later where the vulnerability is patched. 2. Implement strict input validation and output encoding on all user-supplied data, especially URL parameters like 'action', to prevent script injection. 3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4. Monitor web server logs for suspicious requests targeting the editar_info_pessoal.php endpoint with unusual or encoded payloads. 5. Educate users about the risks of clicking on untrusted links, especially those that appear to come from internal systems. 6. Conduct regular security assessments and penetration tests focusing on web application input handling. 7. If upgrading immediately is not possible, consider temporary web application firewall (WAF) rules to block requests containing suspicious script patterns in the 'action' parameter. 8. Review and enhance session management controls to limit the impact of potential session hijacking.