Vulnerability in Wikimedia Foundation AbuseFilter Affects Authentication Management
CVE-2025-6592

2.1LOW

Key Information:

Vendor: Wikimedia Foundation
Status: Abusefilter
Vendor: CVE Published:; 2 February 2026

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2025-6592?

The Wikimedia Foundation's AbuseFilter is vulnerable due to an issue in the authentication management system, specifically found in the program files at includes/auth/AuthManager.Php. This vulnerability could allow unauthorized access, impacting the security and integrity of the service. Users running versions prior to 1.43.2 and 1.44.0 are particularly at risk and should take immediate action to update their software to ensure protection against potential exploitation. For more information, visit the related Phabricator link.

Affected Version(s)

AbuseFilter fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 < 1.43.2, 1.44.0

References

https://phabricator.wikimedia.org/T391218

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Jun 24, 2025

CVE-2025-6592 Data

JSON