CVE-2025-6597Path Traversal in Foundation Mediawiki

CWE-22Path TraversalCWE-654Reliance on a Single Factor in a Security Decision6 documents6 sources
Severity
0.0N/ANVD
EPSS
0.0%
top 93.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Wikimedia Foundation MediawikiMediawikiDebian Mediawiki
Timeline
PublishedFeb 2
Latest updateFeb 3

Description

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5wikimedia_foundation/mediawiki*1.39.13, 1.42.7, 1.43.2, 1.44.0
debiandebian/mediawiki< mediawiki 1:1.39.13-1~deb12u1 (bookworm)
Debianmediawiki/mediawiki< 1:1.35.13-1+deb11u4+3

🔴Vulnerability Details

2
GHSA
GHSA-xrvg-9c6x-8hxj: Vulnerability in Wikimedia Foundation MediaWiki2026-02-03
OSV
CVE-2025-6597: Vulnerability in Wikimedia Foundation MediaWiki2026-02-02

📋Vendor Advisories

2
Red Hat
MediaWiki: MediaWiki: Vulnerability in authentication management2026-02-02
Debian
CVE-2025-6597: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-6597 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-6597 — Path Traversal in Foundation Mediawiki | cvebase