What is the CVSS score of EUVD-2025-20287?

EUVD-2025-20287 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.2%.

Which versions of Wegia are affected by EUVD-2025-20287?

WeGIA server versions prior to 3.3.0 are vulnerable to denial-of-service attacks via oversized HTTP GET requests, potentially disrupting charitable institution operations and staff access to critical…. A patch is available.

Is there a public PoC exploit available for EUVD-2025-20287?

Yes, a public proof-of-concept exploit is available for EUVD-2025-20287. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate EUVD-2025-20287?

Within 24 hours: Identify all WeGIA server instances and document current versions. Within 7 days: Apply vendor patch to WeGIA version 3.3.0 or later across all production and non-production instances. Within 30 days: Validate patch deployment, review firewall rules for request size limits, and implement HTTP request length restrictions at network perimeter to block oversized payloads.

Wegia EUVD-2025-20287

| CVE-2025-53530 HIGH

Allocation of Resources Without Limits or Throttling (CWE-770)

2025-07-07 security-advisories@github.com

Denial Of Service Wegia

7.5

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:34 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

3.3.0

EUVD ID Assigned

Mar 16, 2026 - 03:37 euvd

EUVD-2025-20287

Analysis Generated

Mar 16, 2026 - 03:37 vuln.today

PoC Detected

Jul 10, 2025 - 21:16 vuln.today

Public exploit code

CVE Published

Jul 07, 2025 - 17:15 nvd

HIGH 7.5

DescriptionGitHub Advisory

WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks. This vulnerability is fixed in 3.3.0.

Analysis

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Allocation of Resources Without Limits or Throttling (CWE-770).

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

EUVD-2025-20287 vulnerability details – vuln.today

Back

Wegia EUVD-2025-20287

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code