CVE-2025-27419

3 Mar 2025

Título es
CVE-2025-27419

Lun, 03/03/2025 – 16:15

Tipo
CWE-770

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27419

Descripción en
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. This vulnerability allows any unauthenticated user to cause the server to become unresponsive by performing aggressive spidering. The vulnerability is caused by recursive crawling of dynamically generated URLs and insufficient handling of large volumes of requests. This vulnerability is fixed in 3.2.16.

03/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Gravedad 4.0
9.20

Gravedad 4.0 txt
CRITICAL

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

https://github.com/LabRedesCefetRJ/WeGIA/commit/624ddfadb3fd8f8b30ad4f601b032a9bacc86a39

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-9rp6-4mqp-g4p8

Enviar en el boletín
Off