Improper Access Control in Wikimedia Foundation Mediawiki - Scribunto Extension
CVE-2025-53501

8.8HIGH

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki - Scribunto Extension
Vendor: CVE Published:; 3 July 2025

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2025-53501?

The Wikimedia Foundation's Mediawiki - Scribunto Extension suffers from an improper access control vulnerability, which allows unauthorized users to access functionalities that are not adequately restricted. This issue affects specific versions of the Scribunto Extension, making it crucial for users to upgrade to secure their installations. With this vulnerability, it is vital for organizations to assess their Mediawiki installations for potential security risks and apply necessary patches to mitigate unauthorized access.

Affected Version(s)

Mediawiki - Scribunto Extension 1.39.x < 1.39.13

Mediawiki - Scribunto Extension 1.42.x < 1.42.7

Mediawiki - Scribunto Extension 1.43.x < 1.43.2

References

https://phabricator.wikimedia.org/T397524

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scr...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Jun 30, 2025

Credit

Leo768