What is the CVSS score of CVE-2025-53531?

CVE-2025-53531 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.2%.

Which versions of Wegia are affected by CVE-2025-53531?

WeGIA server versions prior to 3.3.0 contain a denial-of-service vulnerability triggered by unvalidated HTTP GET request parameters, allowing attackers to exhaust server resources and cause service…. A patch is available.

Is there a public PoC exploit available for CVE-2025-53531?

Yes, a public proof-of-concept exploit is available for CVE-2025-53531. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-53531?

Within 24 hours: Inventory all WeGIA installations and document current versions. Within 7 days: Apply vendor patch to WeGIA 3.3.0 or later across all instances; test in non-production environment first. Within 30 days: Verify patch deployment completion, review access logs for exploitation attempts (oversized GET requests to the fid parameter), and implement request size limits at the web server or load balancer level as a secondary control.

Wegia CVE-2025-53531

EUVD-2025-20285 HIGH

Allocation of Resources Without Limits or Throttling (CWE-770)

2025-07-07 security-advisories@github.com

Denial Of Service Wegia

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:34 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

3.3.0

EUVD ID Assigned

Mar 16, 2026 - 03:37 euvd

EUVD-2025-20285

Analysis Generated

Mar 16, 2026 - 03:37 vuln.today

PoC Detected

Jul 10, 2025 - 20:49 vuln.today

Public exploit code

CVE Published

Jul 07, 2025 - 17:15 nvd

HIGH 7.5

DescriptionNVD

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks. This vulnerability is fixed in 3.3.0.

Analysis

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Allocation of Resources Without Limits or Throttling (CWE-770).

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

CVE-2025-53531 vulnerability details – vuln.today

Back

Wegia CVE-2025-53531

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code