Vulnerability in MediaWiki and Cite Affecting Wikimedia Foundation
CVE-2025-67479

NONE

Key Information:

Vendor

Wikimedia Foundation

Status
Mediawiki
Cite
Vendor
CVE Published:
3 February 2026

What is CVE-2025-67479?

A vulnerability exists in both MediaWiki and Cite, where improper validation in the program files, specifically includes/Parser/CoreParserFunctions.php and includes/Parser/Sanitizer.php, poses a risk to data integrity. This flaw could allow attackers to manipulate input in a way that compromises the application. Users operating versions before 1.39.14 or specific later versions (1.43.4, 1.44.1) are particularly at risk. Immediate updates are highly recommended to mitigate potential security breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cite * < 1.39.14, 1.43.4, 1.44.1

MediaWiki * < 1.39.14, 1.43.4, 1.44.1

References

https://phabricator.wikimedia.org/T407131

CVSS V4

Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.