CSRF Vulnerability in MediaWiki SecurePoll Extension
CVE-2025-53483

Currently unrated

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki - Securepoll Extension
Vendor: CVE Published:; 4 July 2025

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2025-53483?

The SecurePoll extension in MediaWiki contains a vulnerability where critical functions in ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() fail to properly validate request methods and CSRF tokens. This oversight allows an attacker to perform privileged actions if an administrator is lured to a malicious site, potentially compromising the integrity of sensitive operations and data within the application. Prompt attention to securing these endpoints is necessary to mitigate the risk of unauthorized actions.

Affected Version(s)

Mediawiki - SecurePoll extension 1.39.x < 1.39.13

Mediawiki - SecurePoll extension 1.42.x < 1.42.7

Mediawiki - SecurePoll extension 1.43.x < 1.43.2

References

https://phabricator.wikimedia.org/T392341

https://gerrit.wikimedia.org/r/1149618

https://gerrit.wikimedia.org/r/1149664

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Jun 30, 2025