OATHAuth Vulnerability in Wikimedia Foundation Products
CVE-2025-11173

NONE

Key Information:

Vendor

Wikimedia Foundation

Status
Oathauth
Vendor
CVE Published:
3 February 2026

What is CVE-2025-11173?

A security flaw exists in the OATHAuth extension of Wikimedia Foundation, located within the program files src/Special/OATHManage.php. This vulnerability can potentially allow unauthorized access or manipulation of the authentication procedures, posing risks to user security. Affected versions include all releases prior to 1.39.14 as well as versions 1.43.4 and 1.44.1.

Affected Version(s)

OATHAuth * < 1.39.14, 1.43.4, 1.44.1

References

https://phabricator.wikimedia.org/T401862
https://phabricator.wikimedia.org/T402094

CVSS V4

Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.