Debian Mediawiki vulnerabilities

CVE-2025-11175 [HIGH] CVE-2025-11175: mediawiki - Improper Neutralization of Special Elements used in an Expression Language State... Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43. Scope: local bookworm: resolved bullseye: resolved f

CVE-2025-61641 [LOW] CVE-2025-61641: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate... Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. Scope: local bookworm: resolved (fixed in 1:1.39.17-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+deb11u5) forky: resolved (fixed in 1:1.43.5+dfsg-1) sid: r

CVE-2025-61653 [LOW] CVE-2025-61653: mediawiki - Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associ... Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1. Scope: local bookworm: resolved (fixed in 1:1.39.17-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+deb11u5) forky: resolved (fixed in 1:1.43.5+dfsg-1) sid:

CVE-2025-6592 [LOW] CVE-2025-6592: mediawiki - Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associa... Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 before 1.43.2, 1.44.0. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:1.43.3+dfsg-1) sid: resolved (fixed in 1:1.43.3+dfsg-1)

CVE-2025-61639 [LOW] CVE-2025-61639: mediawiki - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki... Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. Scope:

CVE-2025-61644 [NONE] CVE-2025-61644: mediawiki - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from * before > fb856ce9cf121e046305116852cca4899ecb48ca. Scope: local bookw

CVE-2025-61634 [NONE] CVE-2025-61634: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate... Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:1.43.5+dfsg-1) sid: resolved (fixed in 1:1.43.5+dfsg-1) trixie: resolved (

CVE-2025-61646 [LOW] CVE-2025-61646: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate... Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. Scope: local bookworm: resolved (fixed in 1:1.39.17-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+deb11u5) forky: resolved (fixed in 1:1.43.5+d

CVE-2025-6589 [LOW] CVE-2025-6589: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate... Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: >= 1.42.0. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:1.43.3+dfsg-1) sid: resolved (fixed in 1:1.43.3+dfsg-1) trixie: resolved (fixed in 1:1.43.3+dfsg-1)

CVE-2025-6927 [LOW] CVE-2025-6927: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate... Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:1.43.3+dfsg-1) sid: resolve

CVE-2025-6596 [NONE] CVE-2025-6596: mediawiki - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vector: from >= 1.40.0 before 1.42.7, 1.43.2, 1.44.0. Scope: local bookwor

CVE-2025-32698 [LOW] CVE-2025-32698: mediawiki - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki... Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. Scope: local bookworm: resolved (fixed in 1:1.39.12-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+deb11u4) f

CVE-2025-61652 [LOW] CVE-2025-61652: mediawiki - Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects Discuss... Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:1.43.5+dfsg-1) sid: resolved (fixed in 1:1.43.5+dfsg-1) trixie: resolved (fixed in 1:1.43.6+dfsg-1~deb13u1)

CVE-2025-67476 [LOW] CVE-2025-67476: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate... Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2025-32700 [LOW] CVE-2025-32700: mediawiki - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki... Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbuseLog.Php, includes/View/AbuseFilterViewExamine.Php. This issue affects AbuseFilter: from >= 1.43.0 before 1.43.

CVE-2025-67483 [NONE] CVE-2025-67483: mediawiki - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1. Scope: local bookworm: resolved bullseye: resolved forky: resolv

CVE-2025-6593 [LOW] CVE-2025-6593: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associate... Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0. Scope: local bookworm: resolved (fixed in 1:1.39.13-1~deb12u1) bullseye: resolved (fixed in 1:1.35.13-1+deb11u4) forky: resolved (fixed in 1:1.43.3+dfsg-1) sid: re

CVE-2025-61637 [NONE] CVE-2025-61637: mediawiki - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1

CVE-2025-61654 [NONE] CVE-2025-61654: mediawiki - Vulnerability in Wikimedia Foundation Thanks. This vulnerability is associated w... Vulnerability in Wikimedia Foundation Thanks. This vulnerability is associated with program files includes/ThanksQueryHelper.Php. This issue affects Thanks: from * before 1.43.4, 1.44.1. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 1:1.43.5+dfsg-1) sid: resolved (fixed in 1:1.43.5+dfsg-1) trixie: resolved (fixed in 1:1.43.6+dfsg-1~d

CVE-2025-67482 [LOW] CVE-2025-67482: mediawiki - Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox... Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fea2304f8f6ab30314369a612f4f5b165e68e95a. Scope: local bookworm: resolved