CVE-2025-6592 — Improper Access Control in Foundation Abusefilter

CWE-284 — Improper Access Control CWE-672 — Operation on a Resource after Expiration or Release CWE-253 — Incorrect Check of Function Return Value7 documents6 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 95.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wikimedia Foundation Abusefilter Mediawiki Debian Mediawiki

Timeline

PublishedFeb 2

Latest updateFeb 3

Description

Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 before 1.43.2, 1.44.0.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5wikimedia_foundation/abusefilterfe0b1cb9e9691faf4d8d9bd80646589f6ec37615 — 1.43.2, 1.44.0

▶debiandebian/mediawiki< mediawiki 1:1.43.3+dfsg-1 (forky)

▶Debianmediawiki/mediawiki< 1:1.43.3+dfsg-1+1

🔴Vulnerability Details

GHSA

GHSA-9r44-56w8-gqrx: Vulnerability in Wikimedia Foundation AbuseFilter↗2026-02-03

▶

OSV

CVE-2025-6592: Vulnerability in Wikimedia Foundation AbuseFilter↗2026-02-02

▶

📋Vendor Advisories

Red Hat

kernel: btrfs: fix assertion when building free space tree↗2025-08-16

▶

Red Hat

kernel: net: drv: netdevsim: don't napi_complete() from netpoll↗2025-07-10

▶

Debian

CVE-2025-6592: mediawiki - Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associa...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-6592 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶