MediaWiki SecurePoll Extension Vulnerability Exposes Election Admin Privileges
CVE-2025-53485
Currently unrated
What is CVE-2025-53485?
The MediaWiki SecurePoll extension has a significant vulnerability in its SetTranslationHandler.php component. Because the handler does not validate election admin status, unauthorized users, including unauthenticated ones, can modify election-related translation text. Updates in newer MediaWiki versions have addressed some aspects of this issue, but critical checks are still absent, leaving the system open to manipulation. The result can be unauthorized changes that affect the integrity of election processes.
Affected Version(s)
MediaWiki - SecurePoll extension 1.39.x < 1.39.13
MediaWiki - SecurePoll extension 1.42.x < 1.42.7
MediaWiki - SecurePoll extension 1.43.x < 1.43.2