MediaWiki Extension Vulnerability Affecting ManageWiki by Miraheze
CVE-2025-32964

4.6 MEDIUM

Key Information:

Vendor: Miraheze
CVE Published: 22 April 2025

What is CVE-2025-32964?

The ManageWiki extension for MediaWiki has a vulnerability in which conflicting extensions are disabled automatically without a permission check. When a restricted extension is enabled, it inadvertently disables other extensions without requiring the appropriate user rights. As a mitigation, ensure that any extensions that rely on specific permissions in $wgManageWikiExtensions also require those permissions for managing conflicting extensions. The issue has been addressed in commit 00bebea.

Affected Version(s)

ManageWiki < 00bebea

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
