Improper Preservation of Permissions in Wikimedia Foundation's MediaWiki
CVE-2025-32696

Key Information:

CVE Published: 10 April 2025

Summary

An improper preservation of permissions vulnerability exists in Wikimedia Foundation's MediaWiki, specifically in the program files includes/actions/RevertAction.php and includes/api/ApiFileRevert.php. This issue allows unauthorized users to potentially gain elevated access, compromising the integrity of the application. It is critical for users operating versions prior to 1.39.12, 1.42.6, and 1.43.1 to apply the necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

MediaWiki 0 < 1.39.12, 1.42.6, 1.43.1

CVSS V4

Score:
Severity:
NONE
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Porplemontage
Bartosz Dziewoński