CVE-2025-53531
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-10
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | up to 3.3.0 (3.3.0 excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the WeGIA server involves a lack of validation on the length of the HTTP GET parameter 'fid'. Attackers can send excessively long URLs (up to 8,142 characters) with very long 'fid' values or many concatenated parameters, causing the server to consume excessive CPU and memory resources. This leads to high latency, timeouts, read errors, and overall server instability, making the server vulnerable to Denial of Service (DoS) attacks. [1]
How can this vulnerability impact me?
This vulnerability can severely degrade or disrupt the availability of the WeGIA server by exhausting its resources. It can cause high latency, timeouts, and read errors, resulting in poor user experience and potential service outages. Attackers can exploit this to perform Denial of Service (DoS) attacks, making the server unavailable to legitimate users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending HTTP GET requests with excessively long 'fid' parameters or URLs to the WeGIA server and observing the server's behavior for high latency, timeouts, or read errors. A proof-of-concept uses a curl command to send a GET request with a very long parameter. Additionally, load testing tools like 'wrk' can simulate high request rates to observe resource exhaustion symptoms. Example curl command: curl 'http://target-server/path?fid=' followed by a very long string. Monitoring for increased latency, timeouts, and read errors during these tests indicates the presence of the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the WeGIA server to version 3.3.0 or later, where input validation for the 'fid' parameter and URL length has been implemented to prevent resource exhaustion. Until the upgrade can be applied, consider implementing network-level protections such as rate limiting, filtering excessively long URLs or parameters, and monitoring for abnormal request patterns to reduce the risk of Denial of Service attacks exploiting this vulnerability. [1]
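The "monitoring for abnormal request patterns" part of the mitigation answer, worked out as an added example that is not part of the BaseFortify page or of the WeGIA project: it scans web server access-log lines and flags GET requests whose URL, 'fid' value, or parameter count exceeds a threshold. The sample log lines, the /app/page.php path and the three thresholds are constructed assumptions; tune the thresholds to what your deployment legitimately needs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed thresholds (the CVE text mentions URLs of up to 8,142 characters).
MAX_URL_LEN = 4096    # whole request target, path + query
MAX_PARAM_LEN = 1024  # length of a single 'fid' value
MAX_PARAMS = 100      # number of query parameters in one request

# Combined Log Format: ip ident user [ts] "method url proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines: one normal request, one oversized 'fid',
# one request carrying hundreds of concatenated 'fid' parameters.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [07/Jul/2025:12:00:01 +0000] "GET /app/page.php?fid=42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [07/Jul/2025:12:00:02 +0000] "GET /app/page.php?fid=' + "A" * 8000 + ' HTTP/1.1" 504 0',
    '10.0.0.9 - - [07/Jul/2025:12:00:03 +0000] "GET /app/page.php?' + "&".join(["fid=x"] * 300) + ' HTTP/1.1" 504 0',
])


def analyze_request(url):
    """Return the list of threshold violations for one request target (empty if none)."""
    reasons = []
    if len(url) > MAX_URL_LEN:
        reasons.append(f"url_len={len(url)}")
    # keep_blank_values so "fid=" style padding still counts as a parameter
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if len(params) > MAX_PARAMS:
        reasons.append(f"param_count={len(params)}")
    for name, value in params:
        if name == "fid" and len(value) > MAX_PARAM_LEN:
            reasons.append(f"fid_len={len(value)}")
            break  # one oversized value is enough to flag the request
    return reasons


def scan_log(text):
    """Parse access-log lines and return one finding dict per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        reasons = analyze_request(m["url"])
        if reasons:
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["status"], ", ".join(f["reasons"]))
```

Repeated findings from one source address over a short window are the signal to feed into rate limiting or a front-end rule that rejects long query strings before they reach the application.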