Incorrect Authorization Vulnerability in Wikimedia Foundation Mediawiki OAuth Extension
CVE-2025-32068

10CRITICAL

Key Information:

Vendor
The Wikimedia Foundation
Status
Mediawiki - Oauth Extension
Vendor
CVE Published:
11 April 2025

Summary

The OAuth Extension for Mediawiki by The Wikimedia Foundation has a vulnerability that allows for authentication bypass due to incorrect authorization mechanisms. This issue affects versions from 1.39 to 1.43. Attackers could exploit this vulnerability to gain unauthorized access, circumventing standard authentication processes. It is essential for users of these versions to apply necessary patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Mediawiki - OAuth Extension 1.39 <= 1.43

References

https://phabricator.wikimedia.org/T336113
https://gerrit.wikimedia.org/r/q/I27b61af2cdfb862a42432e7...

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tgr
MarkusRost
.
CVE-2025-32068 : Incorrect Authorization Vulnerability in Wikimedia Foundation Mediawiki OAuth Extension | SecurityVulnerability.io