CVE-2025-6589 — Path Traversal in Mediawiki

CWE-22 — Path Traversal5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 93.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki Wikimedia Foundation Mediawiki

Timeline

PublishedFeb 2

Latest updateFeb 3

Description

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: >= 1.42.0.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5wikimedia_foundation/mediawiki>= 1.42.0

▶debiandebian/mediawiki< mediawiki 1:1.43.3+dfsg-1 (forky)

▶Debianmediawiki/mediawiki< 1:1.43.3+dfsg-1+1

🔴Vulnerability Details

GHSA

GHSA-mv9h-82v8-3r9p: Vulnerability in Wikimedia Foundation MediaWiki↗2026-02-03

▶

OSV

CVE-2025-6589: Vulnerability in Wikimedia Foundation MediaWiki↗2026-02-02

▶

📋Vendor Advisories

Debian

CVE-2025-6589: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-6589 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶