CSRF Vulnerability in MediaWiki SecurePoll Extension
CVE-2025-53483

8.8HIGH

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki - Securepoll Extension
Vendor: CVE Published:; 4 July 2025

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2025-53483?

The SecurePoll extension in MediaWiki contains a vulnerability where critical functions in ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() fail to properly validate request methods and CSRF tokens. This oversight allows an attacker to perform privileged actions if an administrator is lured to a malicious site, potentially compromising the integrity of sensitive operations and data within the application. Prompt attention to securing these endpoints is necessary to mitigate the risk of unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mediawiki - SecurePoll extension 1.39.x < 1.39.13

Mediawiki - SecurePoll extension 1.42.x < 1.42.7

Mediawiki - SecurePoll extension 1.43.x < 1.43.2

References

https://phabricator.wikimedia.org/T392341

https://gerrit.wikimedia.org/r/1149618

https://gerrit.wikimedia.org/r/1149664

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Jun 30, 2025

JSON

Wikimedia Foundation

What is CVE-2025-53483?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.