CVE-2025-27419
Published: 03 March 2025
Description
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.
Security Summary
CVE-2025-27419 is a Denial of Service (DoS) vulnerability affecting WeGIA, an open-source Web Manager for Institutions primarily designed for Portuguese language users. The flaw arises from recursive crawling of dynamically generated URLs coupled with insufficient handling of large volumes of requests, enabling the server to become unresponsive under aggressive spidering. Published on 2025-03-03, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-770.
Any unauthenticated user with network access can exploit this vulnerability by conducting aggressive spidering, which triggers excessive resource consumption and renders the WeGIA server unresponsive. Exploitation requires no privileges, user interaction, or special conditions beyond low-complexity network operations, resulting in high-impact availability disruption without affecting confidentiality or integrity.
The vulnerability is fixed in WeGIA version 3.2.16. Mitigation details are available in the GitHub security advisory at GHSA-9rp6-4mqp-g4p8 and the patching commit at 624ddfadb3fd8f8b30ad4f601b032a9bacc86a39, which security practitioners should review for implementation guidance.
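The two paragraphs above describe the attack (one unauthenticated client issuing a flood of requests for dynamically generated URLs) and the missing control (CWE-770, no limit or throttle on the work a single client can demand). The following Python is an added example, not WeGIA's code and not the 3.2.16 fix from the commit cited above: it replays constructed access-log lines through a per-client sliding-window limiter of the kind a reverse proxy or application front door would apply, and reports which client would have been throttled and how many distinct URLs each client touched (a high distinct-URL count in a short window is the signature of spidering rather than a page reload loop). The IP addresses, paths, user-agent strings and the 20-requests-per-10-seconds threshold are all assumptions chosen for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Matches the Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return ip, timestamp and request path for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path")}


class SlidingWindowLimiter:
    """Allow at most max_requests per client within any window_seconds interval.

    This is the throttle CWE-770 says is absent: each client gets a bounded share
    of server work, so one aggressive crawler cannot starve every other user.
    """

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = timedelta(seconds=window_seconds)
        self.hits = defaultdict(deque)  # client -> timestamps of requests that were allowed

    def allow(self, client, ts):
        q = self.hits[client]
        # Evict timestamps that have aged out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_requests:
            return False
        q.append(ts)
        return True


def analyze(lines, max_requests=20, window_seconds=10):
    """Replay log lines through the limiter; return per-IP drop counts and distinct-URL counts."""
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    dropped = defaultdict(int)
    distinct_paths = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole replay
        distinct_paths[rec["ip"]].add(rec["path"])
        if not limiter.allow(rec["ip"], rec["ts"]):
            dropped[rec["ip"]] += 1
    return {
        "dropped": dict(dropped),
        "distinct_paths": {ip: len(paths) for ip, paths in distinct_paths.items()},
    }


def _log_line(ip, ts, path, ua):
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


def build_sample_log():
    """Constructed sample traffic (invented IPs and paths, not real WeGIA logs)."""
    base = datetime(2025, 3, 3, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    # One person browsing: five page views spread over about 50 seconds.
    user_pages = ["/app/home.php", "/app/members.php", "/app/staff.php",
                  "/app/reports.php", "/app/donations.php"]
    for i, page in enumerate(user_pages):
        lines.append(_log_line("192.0.2.10", base + timedelta(seconds=12 * i), page, "Mozilla/5.0"))
    # One spider: 60 requests in 10 seconds, each for a different dynamically generated URL.
    for i in range(60):
        lines.append(_log_line("203.0.113.5", base + timedelta(seconds=i // 6),
                               f"/app/profile.php?id={i}", "Scrapy/2.11"))
    lines.append("garbage line that does not match the log format")
    # Order by timestamp, as a real access log would be (stable sort keeps same-second order).
    lines.sort(key=lambda l: (parse_line(l) or {"ts": base})["ts"])
    return lines


if __name__ == "__main__":
    summary = analyze(build_sample_log())
    for ip, n in summary["dropped"].items():
        print(f"{ip}: {n} requests throttled, {summary['distinct_paths'][ip]} distinct URLs")
```

With the assumed threshold the browsing user is never throttled, while the spider's first 20 requests are served and the remaining 40 are refused; the 60 distinct URLs in a 10-second window are what distinguishes crawling from an impatient user reloading one page. In production the same limit belongs in front of the application (web server, proxy or WAF), keyed on the client identity you actually trust, and tuned so that legitimate bursts such as page assets loading in parallel are not caught.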
Details
CWE(s): CWE-770 (Allocation of Resources Without Limits or Throttling)
Affected Products: WeGIA, versions before 3.2.16
MITRE ATT&CK Enterprise Techniques: T1499.003 Application Exhaustion Flood
Why these techniques?
The DoS vulnerability lets an unauthenticated client exhaust server resources by flooding the application with requests for dynamically generated URLs (aggressive spidering), which maps directly to T1499.003 Application Exhaustion Flood.