CVE-2025-32697Improper Preservation of Permissions in Foundation Mediawiki

CWE-281Improper Preservation of Permissions4 documents4 sources
Severity
0.0N/ANVD
EPSS
0.3%
top 45.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Wikimedia Foundation MediawikiMediawikiDebian Mediawiki
Timeline
PublishedApr 10

Description

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5wikimedia_foundation/mediawiki< 1.42.6, 1.43.1
debiandebian/mediawiki< mediawiki 1:1.43.1+dfsg-1 (forky)
Debianmediawiki/mediawiki< 1:1.43.1+dfsg-1+1

🔴Vulnerability Details

2
OSV
CVE-2025-32697: Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki2025-04-10
GHSA
GHSA-f626-w254-w424: Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki2025-04-10

📋Vendor Advisories

1
Debian
CVE-2025-32697: mediawiki - Improper Preservation of Permissions vulnerability in Wikimedia Foundation Media...2025
CVE-2025-32697 — Improper Preservation of Permissions | cvebase