CVE-2025-32698Sensitive Information Exposure in Foundation Mediawiki

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
2.1LOWNVD
EPSS
0.6%
top 31.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Wikimedia Foundation MediawikiMediawikiDebian Mediawiki
Timeline
PublishedApr 10

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5wikimedia_foundation/mediawiki< 1.39.12, 1.42.6, 1.43.1
debiandebian/mediawiki< mediawiki 1:1.39.12-1~deb12u1 (bookworm)
Debianmediawiki/mediawiki< 1:1.35.13-1+deb11u4+3

🔴Vulnerability Details

2
GHSA
GHSA-hh2q-7x5p-j2g2: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki2025-04-10
OSV
CVE-2025-32698: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki2025-04-10

📋Vendor Advisories

1
Debian
CVE-2025-32698: mediawiki - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki...2025
CVE-2025-32698 — Sensitive Information Exposure | cvebase