CVE-2025-53531

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53531

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53531.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53531

Aliases

GHSA-4ffc-f23j-54m3

Published

2025-07-07T17:02:33.439Z

Modified

2026-04-10T05:30:51.095109Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

WeGIA allows Uncontrolled Resource Consumption via the fid parameter

Details

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks. This vulnerability is fixed in 3.3.0.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53531.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-770"
    ]
}

References

Affected packages

Git / github.com/labredescefetrj/wegia

Affected ranges

Type: GIT
Repo: https://github.com/labredescefetrj/wegia
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6297c2436eba9a25ab42c9034cbdbc949da45269

Affected versions

0.*

0.9.4-beta

v1.*

v1.0

v2.*

v2.0

v2.0-beta

v3.*

v3.1

v3.2.0

v3.2.10

v3.2.11

v3.2.12

v3.2.13

v3.2.14

v3.2.15

v3.2.16

v3.2.17

v3.2.6

v3.2.7

v3.2.8

v3.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53531.json"