Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-62666 (GCVE-0-2025-62666)
Vulnerability from cvelistv5 – Published: 2025-10-18 04:47 – Updated: 2025-10-20 16:02
VLAI
EPSS
Title
DoS vector through the cirrusbuilddoc query API
Summary
Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Wikimedia Foundation | Mediawiki - CirrusSearch Extension |
Affected:
master , < 1.43
(semver)
|
Credits
dreamy_jazz
dcausse
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62666",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T16:02:47.659526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T16:02:54.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mediawiki - CirrusSearch Extension",
"vendor": "The Wikimedia Foundation",
"versions": [
{
"lessThan": "1.43",
"status": "affected",
"version": "master",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dreamy_jazz"
},
{
"lang": "en",
"type": "remediation developer",
"value": "dcausse"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.\u003cp\u003eThis issue affects Mediawiki - CirrusSearch Extension: from master before 1.43.\u003c/p\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T04:47:52.437Z",
"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"shortName": "wikimedia-foundation"
},
"references": [
{
"url": "https://gerrit.wikimedia.org/r/q/I3e8d819868c0491b18368af8e543180e747023c2"
},
{
"url": "https://phabricator.wikimedia.org/T401220"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DoS vector through the cirrusbuilddoc query API",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"assignerShortName": "wikimedia-foundation",
"cveId": "CVE-2025-62666",
"datePublished": "2025-10-18T04:47:52.437Z",
"dateReserved": "2025-10-18T04:03:51.880Z",
"dateUpdated": "2025-10-20T16:02:54.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-62666",
"date": "2026-06-08",
"epss": "0.00062",
"percentile": "0.19418"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-62666\",\"sourceIdentifier\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"published\":\"2025-10-18T05:15:34.200\",\"lastModified\":\"2025-10-21T19:31:25.450\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://gerrit.wikimedia.org/r/q/I3e8d819868c0491b18368af8e543180e747023c2\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"},{\"url\":\"https://phabricator.wikimedia.org/T401220\",\"source\":\"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-62666\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-20T16:02:47.659526Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-20T16:02:51.952Z\"}}], \"cna\": {\"title\": \"DoS vector through the cirrusbuilddoc query API\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"dreamy_jazz\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"dcausse\"}], \"impacts\": [{\"capecId\": \"CAPEC-469\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-469 HTTP DoS\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"The Wikimedia Foundation\", \"product\": \"Mediawiki - CirrusSearch Extension\", \"versions\": [{\"status\": \"affected\", \"version\": \"master\", \"lessThan\": \"1.43\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gerrit.wikimedia.org/r/q/I3e8d819868c0491b18368af8e543180e747023c2\"}, {\"url\": \"https://phabricator.wikimedia.org/T401220\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.\u003cp\u003eThis issue affects Mediawiki - CirrusSearch Extension: from master before 1.43.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"shortName\": \"wikimedia-foundation\", \"dateUpdated\": \"2025-10-18T04:47:52.437Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-62666\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-20T16:02:54.874Z\", \"dateReserved\": \"2025-10-18T04:03:51.880Z\", \"assignerOrgId\": \"c4f26cc8-17ff-4c99-b5e2-38fc1793eacc\", \"datePublished\": \"2025-10-18T04:47:52.437Z\", \"assignerShortName\": \"wikimedia-foundation\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Title
Mediawiki - CirrusSearch Extension拒绝服务漏洞
Description
Mediawiki - CirrusSearch Extension是MediaWiki的一个扩展,用于提供高级搜索功能,增强搜索效率。
Mediawiki - CirrusSearch Extension存在拒绝服务漏洞,该漏洞源于资源分配无限制或节流,攻击者可利用该漏洞导致HTTP拒绝服务。
Severity
高
Patch Name
Mediawiki - CirrusSearch Extension拒绝服务漏洞的补丁
Patch Description
Mediawiki - CirrusSearch Extension是MediaWiki的一个扩展,用于提供高级搜索功能,增强搜索效率。
Mediawiki - CirrusSearch Extension存在拒绝服务漏洞,该漏洞源于资源分配无限制或节流,攻击者可利用该漏洞导致HTTP拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://phabricator.wikimedia.org/T401220
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-62666
Impacted products
| Name | MediaWiki Mediawiki - CirrusSearch Extension <1.43 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-62666",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-62666"
}
},
"description": "Mediawiki - CirrusSearch Extension\u662fMediaWiki\u7684\u4e00\u4e2a\u6269\u5c55\uff0c\u7528\u4e8e\u63d0\u4f9b\u9ad8\u7ea7\u641c\u7d22\u529f\u80fd\uff0c\u589e\u5f3a\u641c\u7d22\u6548\u7387\u3002\n\nMediawiki - CirrusSearch Extension\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8d44\u6e90\u5206\u914d\u65e0\u9650\u5236\u6216\u8282\u6d41\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4HTTP\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://phabricator.wikimedia.org/T401220",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-29384",
"openTime": "2025-11-26",
"patchDescription": "Mediawiki - CirrusSearch Extension\u662fMediaWiki\u7684\u4e00\u4e2a\u6269\u5c55\uff0c\u7528\u4e8e\u63d0\u4f9b\u9ad8\u7ea7\u641c\u7d22\u529f\u80fd\uff0c\u589e\u5f3a\u641c\u7d22\u6548\u7387\u3002\r\n\r\nMediawiki - CirrusSearch Extension\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8d44\u6e90\u5206\u914d\u65e0\u9650\u5236\u6216\u8282\u6d41\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4HTTP\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mediawiki - CirrusSearch Extension\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "MediaWiki Mediawiki - CirrusSearch Extension \u003c1.43"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-62666",
"serverity": "\u9ad8",
"submitTime": "2025-10-23",
"title": "Mediawiki - CirrusSearch Extension\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
FKIE_CVE-2025-62666
Vulnerability from fkie_nvd - Published: 2025-10-18 05:15 - Updated: 2026-04-15 00:35
Severity
Summary
Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43."
}
],
"id": "CVE-2025-62666",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
]
},
"published": "2025-10-18T05:15:34.200",
"references": [
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://gerrit.wikimedia.org/r/q/I3e8d819868c0491b18368af8e543180e747023c2"
},
{
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"url": "https://phabricator.wikimedia.org/T401220"
}
],
"sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"type": "Secondary"
}
]
}
GHSA-W49H-RMGR-RWP7
Vulnerability from github – Published: 2025-10-18 06:30 – Updated: 2025-10-18 06:30
VLAI
Details
Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43.
Severity
{
"affected": [],
"aliases": [
"CVE-2025-62666"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-18T05:15:34Z",
"severity": "MODERATE"
},
"details": "Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43.",
"id": "GHSA-w49h-rmgr-rwp7",
"modified": "2025-10-18T06:30:25Z",
"published": "2025-10-18T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62666"
},
{
"type": "WEB",
"url": "https://gerrit.wikimedia.org/r/q/I3e8d819868c0491b18368af8e543180e747023c2"
},
{
"type": "WEB",
"url": "https://phabricator.wikimedia.org/T401220"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
WID-SEC-W-2025-2336
Vulnerability from csaf_certbund - Published: 2025-10-19 22:00 - Updated: 2025-10-22 22:00Summary
MediaWiki Extensions: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MediaWiki ist ein freies Wiki, das ursprünglich für den Einsatz auf Wikipedia entwickelt wurde.
Angriff: Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source MediaWiki AdvancedSearch Extension <1.39
Open Source / MediaWiki
|
AdvancedSearch Extension <1.39 | ||
|
Open Source MediaWiki QuizGame extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:quizgame_extension
|
QuizGame extension | |
|
Open Source MediaWiki Cargo extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo extension | |
|
Open Source MediaWiki Cargo Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:cargo_extension
|
Cargo Extension | |
|
Open Source MediaWiki Skin:BlueSky Extension <1.39
Open Source / MediaWiki
|
Skin:BlueSky Extension <1.39 | ||
|
Open Source MediaWiki FlexDiagrams Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:flexdiagrams_extension
|
FlexDiagrams Extension | |
|
Open Source MediaWiki UploadWizard Extension <1.39
Open Source / MediaWiki
|
UploadWizard Extension <1.39 | ||
|
Open Source MediaWiki ImageRating Extension <1.39
Open Source / MediaWiki
|
ImageRating Extension <1.39 | ||
|
Open Source MediaWiki PollNY extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:pollny_extension
|
PollNY extension | |
|
Open Source MediaWiki Citizen <3.9.0
Open Source / MediaWiki
|
Citizen <3.9.0 | ||
|
Open Source MediaWiki CentralAuth Extension <1.39
Open Source / MediaWiki
|
CentralAuth Extension <1.39 | ||
|
Open Source MediaWiki CirrusSearch Extension <1.43
Open Source / MediaWiki
|
CirrusSearch Extension <1.43 | ||
|
Open Source MediaWiki WebAuthn extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:webauthn_extension
|
WebAuthn extension | |
|
Open Source MediaWiki GrowthExperiments Extension <1.39
Open Source / MediaWiki
|
GrowthExperiments Extension <1.39 | ||
|
Open Source MediaWiki <1.44.1
Open Source / MediaWiki
|
<1.44.1 | ||
|
Open Source MediaWiki <1.39.14
Open Source / MediaWiki
|
<1.39.14 | ||
|
Open Source MediaWiki <1.43.4
Open Source / MediaWiki
|
<1.43.4 | ||
|
Open Source MediaWiki SecurePoll Extension
Open Source / MediaWiki
|
cpe:/a:mediawiki:mediawiki:securepoll_extension
|
SecurePoll Extension |
References
19 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MediaWiki ist ein freies Wiki, das urspr\u00fcnglich f\u00fcr den Einsatz auf Wikipedia entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in MediaWiki ausnutzen, um Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2336 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2336.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2336 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2336"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11937"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62508"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62652"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62653"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62654"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62655"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62662"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62663"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62664"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62665"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62666"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62667"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62668"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62669"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62670"
},
{
"category": "external",
"summary": "NIST Vulnerability Database vom 2025-10-19",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62671"
},
{
"category": "external",
"summary": "MediaWiki Extensions and Skins Security Release Supplement (1.39.14/1.43.4/1.44.1)",
"url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/4P2UZCT4UFX2JKILESDBKT3QQ3JHMWTN/"
}
],
"source_lang": "en-US",
"title": "MediaWiki Extensions: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-22T22:00:00.000+00:00",
"generator": {
"date": "2025-10-23T08:39:02.651+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2336",
"initial_release_date": "2025-10-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.39.14",
"product": {
"name": "Open Source MediaWiki \u003c1.39.14",
"product_id": "T047373"
}
},
{
"category": "product_version",
"name": "1.39.14",
"product": {
"name": "Open Source MediaWiki 1.39.14",
"product_id": "T047373-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.39.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.43.4",
"product": {
"name": "Open Source MediaWiki \u003c1.43.4",
"product_id": "T047374"
}
},
{
"category": "product_version",
"name": "1.43.4",
"product": {
"name": "Open Source MediaWiki 1.43.4",
"product_id": "T047374-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.43.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.44.1",
"product": {
"name": "Open Source MediaWiki \u003c1.44.1",
"product_id": "T047375"
}
},
{
"category": "product_version",
"name": "1.44.1",
"product": {
"name": "Open Source MediaWiki 1.44.1",
"product_id": "T047375-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:1.44.1"
}
}
},
{
"category": "product_version",
"name": "WebAuthn extension",
"product": {
"name": "Open Source MediaWiki WebAuthn extension",
"product_id": "T047804",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:webauthn_extension"
}
}
},
{
"category": "product_version",
"name": "PollNY extension",
"product": {
"name": "Open Source MediaWiki PollNY extension",
"product_id": "T047805",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:pollny_extension"
}
}
},
{
"category": "product_version_range",
"name": "Citizen \u003c3.9.0",
"product": {
"name": "Open Source MediaWiki Citizen \u003c3.9.0",
"product_id": "T047806"
}
},
{
"category": "product_version",
"name": "Citizen 3.9.0",
"product": {
"name": "Open Source MediaWiki Citizen 3.9.0",
"product_id": "T047806-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:citizen__3.9.0"
}
}
},
{
"category": "product_version",
"name": "QuizGame extension",
"product": {
"name": "Open Source MediaWiki QuizGame extension",
"product_id": "T047807",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:quizgame_extension"
}
}
},
{
"category": "product_version",
"name": "Cargo extension",
"product": {
"name": "Open Source MediaWiki Cargo extension",
"product_id": "T047808",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version_range",
"name": "AdvancedSearch Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki AdvancedSearch Extension \u003c1.39",
"product_id": "T047809"
}
},
{
"category": "product_version",
"name": "AdvancedSearch Extension 1.39",
"product": {
"name": "Open Source MediaWiki AdvancedSearch Extension 1.39",
"product_id": "T047809-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:advancedsearch_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "UploadWizard Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki UploadWizard Extension \u003c1.39",
"product_id": "T047810"
}
},
{
"category": "product_version",
"name": "UploadWizard Extension 1.39",
"product": {
"name": "Open Source MediaWiki UploadWizard Extension 1.39",
"product_id": "T047810-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:uploadwizard_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "ImageRating Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki ImageRating Extension \u003c1.39",
"product_id": "T047811"
}
},
{
"category": "product_version",
"name": "ImageRating Extension 1.39",
"product": {
"name": "Open Source MediaWiki ImageRating Extension 1.39",
"product_id": "T047811-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:imagerating_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "Skin:BlueSky Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki Skin:BlueSky Extension \u003c1.39",
"product_id": "T047812"
}
},
{
"category": "product_version",
"name": "Skin:BlueSky Extension 1.39",
"product": {
"name": "Open Source MediaWiki Skin:BlueSky Extension 1.39",
"product_id": "T047812-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:skinbluesky_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "CirrusSearch Extension \u003c1.43",
"product": {
"name": "Open Source MediaWiki CirrusSearch Extension \u003c1.43",
"product_id": "T047814"
}
},
{
"category": "product_version",
"name": "CirrusSearch Extension 1.43",
"product": {
"name": "Open Source MediaWiki CirrusSearch Extension 1.43",
"product_id": "T047814-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cirrussearch_extension__1.43"
}
}
},
{
"category": "product_version_range",
"name": "GrowthExperiments Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension \u003c1.39",
"product_id": "T047815"
}
},
{
"category": "product_version",
"name": "GrowthExperiments Extension 1.39",
"product": {
"name": "Open Source MediaWiki GrowthExperiments Extension 1.39",
"product_id": "T047815-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:growthexperiments_extension__1.39"
}
}
},
{
"category": "product_version_range",
"name": "CentralAuth Extension \u003c1.39",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension \u003c1.39",
"product_id": "T047817"
}
},
{
"category": "product_version",
"name": "CentralAuth Extension 1.39",
"product": {
"name": "Open Source MediaWiki CentralAuth Extension 1.39",
"product_id": "T047817-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:centralauth_extension__1.39"
}
}
},
{
"category": "product_version",
"name": "Cargo Extension",
"product": {
"name": "Open Source MediaWiki Cargo Extension",
"product_id": "T047819",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:cargo_extension"
}
}
},
{
"category": "product_version",
"name": "SecurePoll Extension",
"product": {
"name": "Open Source MediaWiki SecurePoll Extension",
"product_id": "T047820",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:securepoll_extension"
}
}
},
{
"category": "product_version",
"name": "FlexDiagrams Extension",
"product": {
"name": "Open Source MediaWiki FlexDiagrams Extension",
"product_id": "T047821",
"product_identification_helper": {
"cpe": "cpe:/a:mediawiki:mediawiki:flexdiagrams_extension"
}
}
}
],
"category": "product_name",
"name": "MediaWiki"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11937",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-11937"
},
{
"cve": "CVE-2025-62508",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62508"
},
{
"cve": "CVE-2025-62652",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62652"
},
{
"cve": "CVE-2025-62653",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62653"
},
{
"cve": "CVE-2025-62654",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62654"
},
{
"cve": "CVE-2025-62655",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62655"
},
{
"cve": "CVE-2025-62662",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62662"
},
{
"cve": "CVE-2025-62663",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62663"
},
{
"cve": "CVE-2025-62664",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62664"
},
{
"cve": "CVE-2025-62665",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62665"
},
{
"cve": "CVE-2025-62666",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62666"
},
{
"cve": "CVE-2025-62667",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62667"
},
{
"cve": "CVE-2025-62668",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62668"
},
{
"cve": "CVE-2025-62669",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62669"
},
{
"cve": "CVE-2025-62670",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62670"
},
{
"cve": "CVE-2025-62671",
"product_status": {
"known_affected": [
"T047809",
"T047807",
"T047808",
"T047819",
"T047812",
"T047821",
"T047810",
"T047811",
"T047805",
"T047806",
"T047817",
"T047814",
"T047804",
"T047815",
"T047375",
"T047373",
"T047374",
"T047820"
]
},
"release_date": "2025-10-19T22:00:00.000+00:00",
"title": "CVE-2025-62671"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…