Improper Access Control in Wikimedia Foundation Mediawiki - Scribunto Extension
CVE-2025-53501

8.8HIGH

Key Information:

Vendor

Wikimedia Foundation

Status
Mediawiki - Scribunto Extension
Vendor
CVE Published:
3 July 2025

What is CVE-2025-53501?

The Wikimedia Foundation's Mediawiki - Scribunto Extension suffers from an improper access control vulnerability, which allows unauthorized users to access functionalities that are not adequately restricted. This issue affects specific versions of the Scribunto Extension, making it crucial for users to upgrade to secure their installations. With this vulnerability, it is vital for organizations to assess their Mediawiki installations for potential security risks and apply necessary patches to mitigate unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mediawiki - Scribunto Extension 1.39.x < 1.39.13

Mediawiki - Scribunto Extension 1.42.x < 1.42.7

Mediawiki - Scribunto Extension 1.43.x < 1.43.2

References

https://phabricator.wikimedia.org/T397524
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scr...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Leo768
JSON
.