Sensitive Information Exposure in Wikimedia Foundation's Mediawiki Mobile Frontend Extension
CVE-2025-32080

6.9MEDIUM

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki - Mobile Frontend Extension
Vendor: CVE Published:; 11 April 2025

Summary

The Mediawiki - Mobile Frontend Extension from Wikimedia Foundation contains a vulnerability that allows unauthorized actors to access sensitive information. This issue arises from improper handling of shared resources, leading to potential information leakage in versions ranging from 1.39 to 1.43. The exposure of confidential data can pose serious risks, highlighting the importance of updating to secure versions to mitigate the threat.

Affected Version(s)

Mediawiki - Mobile Frontend Extension 1.39 <= 1.43

References

https://phabricator.wikimedia.org/T366402

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Mob...

https://gerrit.wikimedia.org/r/q/Ia5c3be79db37240acbaa630...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Apr 3, 2025

Credit

Bawolff

Jdlrobson-WMF