Uncontrolled Resource Consumption in Wikimedia Foundation Mediawiki - IPInfo Extension
CVE-2025-53481

Currently unrated

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki - Ipinfo Extension
Vendor: CVE Published:; 4 July 2025

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2025-53481?

The IPInfo Extension for Wikimedia Foundation's Mediawiki software has a vulnerability that allows excessive resource allocation, potentially leading to denial of service conditions. This affects specific versions of the extension, whereby improper handling of resource requests can result in unregulated consumption, adversely impacting system performance and availability. It is crucial for users to upgrade to the fixed versions to mitigate this issue.

Affected Version(s)

Mediawiki - IPInfo Extension 1.39.x < 1.39.13

Mediawiki - IPInfo Extension 1.42.x < 1.42.7

Mediawiki - IPInfo Extension 1.43.x < 1.43.2

References

https://phabricator.wikimedia.org/T392976

https://gerrit.wikimedia.org/r/q/I474b7a1b3bc1e7597fee082...

https://gerrit.wikimedia.org/r/q/I08a7154f8fa08bb6f0940e5...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Jun 30, 2025