CVE-2025-6927 — Path Traversal in Foundation Mediawiki

CWE-22 — Path Traversal CWE-213 — Exposure of Sensitive Information Due to Incompatible Policies6 documents6 sources

Severity

2.3LOWNVD

EPSS

0.0%

top 92.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wikimedia Foundation Mediawiki Mediawiki Debian Mediawiki

Timeline

PublishedFeb 2

Latest updateFeb 3

Description

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5wikimedia_foundation/mediawiki>= 1.42.0 — 1.39.13, 1.42.7 1.43.2, 1.44.0

▶debiandebian/mediawiki< mediawiki 1:1.43.3+dfsg-1 (forky)

▶Debianmediawiki/mediawiki< 1:1.43.3+dfsg-1+1

🔴Vulnerability Details

GHSA

GHSA-vw3r-fh3c-r4pj: Vulnerability in Wikimedia Foundation MediaWiki↗2026-02-03

▶

OSV

CVE-2025-6927: Vulnerability in Wikimedia Foundation MediaWiki↗2026-02-02

▶

📋Vendor Advisories

Red Hat

MediaWiki: MediaWiki: Information disclosure via block list handling↗2026-02-02

▶

Debian

CVE-2025-6927: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-6927 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶