CVE-2025-6926 — Improper Authentication in Foundation Mediawiki Centralauth Extension

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 74.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wikimedia Foundation Mediawiki Centralauth Extension Mediawiki Debian Mediawiki

Timeline

PublishedJul 3

Description

Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5wikimedia_foundation/mediawiki_centralauth_extension1.39.x — 1.39.13+2

▶debiandebian/mediawiki< mediawiki 1:1.39.13-1~deb12u1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.35.13-1+deb11u4+3

🔴Vulnerability Details

OSV

CVE-2025-6926: Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication↗2025-07-03

▶

GHSA

GHSA-r9mp-767w-88m3: Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication↗2025-07-03

▶

📋Vendor Advisories

Debian

CVE-2025-6926: mediawiki - Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - Centra...↗2025

▶