MediaWiki SecurePoll Extension Vulnerability Exposes Election Admin Privileges
CVE-2025-53485

7.5 HIGH

What is CVE-2025-53485?

The MediaWiki SecurePoll extension has a significant vulnerability in its SetTranslationHandler.php component. Because the handler does not validate election admin status, unauthorized users, including unauthenticated ones, can modify election-related translation text. Updates in newer MediaWiki versions have addressed some aspects of this issue, but critical checks are still absent, leaving the system vulnerable to manipulation. The result can be unauthorized changes that affect the integrity of election processes.

Affected Version(s)

MediaWiki - SecurePoll extension 1.39.x < 1.39.13

MediaWiki - SecurePoll extension 1.42.x < 1.42.7

MediaWiki - SecurePoll extension 1.43.x < 1.43.2

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
