Sensitive Information Exposure in Wikimedia Foundation's AbuseFilter Plugin
CVE-2025-32700

2.3LOW

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki
Vendor: CVE Published:; 10 April 2025

Summary

A vulnerability in the Wikimedia Foundation's AbuseFilter allows unauthorized actors to access sensitive information. This issue arises from improper handling of program files such as includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, and includes/View/AbuseFilterViewExamine.Php. It primarily affects the AbuseFilter version range from 1.43.0 to just before 1.43.1, potentially exposing critical data to threats.

Affected Version(s)

MediaWiki >= 1.43.0 < 1.43.1

References

https://phabricator.wikimedia.org/T389235

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Apr 10, 2025
Vulnerability Reserved
Apr 9, 2025

Credit

Dreamy_Jazz