CVE-2025-62597

6.1 MEDIUM

📋 TL;DR

WeGIA versions before 3.5.1 contain a reflected cross-site scripting (XSS) vulnerability in the editar_info_pessoal.php endpoint. Attackers can inject malicious scripts via the sql parameter, potentially compromising user sessions. This affects all WeGIA deployments using vulnerable versions.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions before 3.5.1
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments with the vulnerable endpoint accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator credentials, take over accounts, deface websites, or redirect users to malicious sites.

🟠 Likely Case

Session hijacking, cookie theft, or credential harvesting from users who click malicious links.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (clicking a malicious link), but no authentication is needed to reach the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.1

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wqjv-fhc9-h7hm

Restart Required: No

Instructions:

1. Back up your WeGIA installation and database.
2. Download version 3.5.1 from the official GitHub repository.
3. Replace the vulnerable files with the patched version.
4. Verify the fix by testing the editar_info_pessoal.php endpoint.

🔧 Temporary Workarounds

Input Validation and Output Encoding

Implement server-side validation and encoding for the sql parameter to prevent script injection.

Web Application Firewall (WAF) Rules

Deploy WAF rules to block malicious script patterns in the sql parameter.

🧯 If You Can't Patch

  • Restrict access to the vulnerable endpoint using network ACLs or authentication.
  • Implement Content Security Policy (CSP) headers to mitigate script execution.

🔍 How to Verify

Check if Vulnerable:

Request GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=<script>alert('XSS')</script> and check whether the script executes in the browser.

Check Version:

Check the WeGIA version in the application interface or configuration files.

Verify Fix Applied:

After patching, request the same endpoint; the script should not execute and the reflected input should be sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET requests to editar_info_pessoal.php with script-like content in the sql parameter.

Network Indicators:

  • HTTP requests containing malicious scripts in query parameters.

SIEM Query:

source="web_logs" AND uri="/WeGIA/html/pessoa/editar_info_pessoal.php" AND query CONTAINS "<script>"
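The SIEM query above matches only a literal "<script>", but a browser following a crafted link percent-encodes the payload (%3Cscript%3E), so that query misses exactly the traffic described in the log indicator. The following added example (not part of this advisory or of WeGIA) decodes the query string before matching and flags requests to editar_info_pessoal.php whose sql parameter carries markup; the log lines and TEST-NET addresses are constructed, and the marker list is an assumption of what a legitimate value never contains.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /WeGIA/html/pessoa/editar_info_pessoal.php?id_pessoa=42 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2025:12:00:09 +0000] "GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5300
203.0.113.9 - - [10/Oct/2025:12:01:15 +0000] "GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 5290
203.0.113.4 - - [10/Oct/2025:12:02:00 +0000] "GET /WeGIA/html/pessoa/outra_pagina.php?sql=%3Cscript%3E HTTP/1.1" 404 310
"""
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
TARGET_PATH = "/WeGIA/html/pessoa/editar_info_pessoal.php"
# Assumed markers: HTML/JS fragments that never belong in a legitimate value of this parameter.
SCRIPT_MARKERS = ("<script", "javascript:", "onerror=", "onload=", "<img", "<svg", "<iframe")

def decode_fully(value, max_rounds=3):
    # Undo up to max_rounds of percent-encoding so a double-encoded '<' (%253C) is caught too.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_sql_values(line):
    """Return the decoded 'sql' values in one log line that look like injected markup."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if parts.path != TARGET_PATH:          # only the vulnerable endpoint is of interest
        return []
    hits = []
    for raw in parse_qs(parts.query, keep_blank_values=True).get("sql", []):
        value = decode_fully(raw).lower()  # parse_qs decodes once; handle extra layers
        if any(marker in value for marker in SCRIPT_MARKERS):
            hits.append(value)
    return hits

def scan_log(text):
    """Return (line_number, client_ip, decoded_value) for every flagged request."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for value in suspicious_sql_values(line):
            findings.append((n, line.split(" ", 1)[0], value))
    return findings

if __name__ == "__main__":
    for n, ip, value in scan_log(SAMPLE_LOG):
        print(f"line {n}: {ip} -> sql={value!r}")
```

Requests with a plain sql value, and requests carrying markup to other pages, are not reported; the two encoded payloads aimed at the vulnerable endpoint are.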
