CVE-2025-32696 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-32696

CVE-2025-32696

April 10, 2025

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

Affected Packages

https://github.com/wikimedia/mediawiki.git (GITHUB):

Affected version(s) >=1.1.0 <1.39.12

Fix Suggestion:

Update to version 1.39.12

https://github.com/wikimedia/mediawiki.git (GITHUB):

Affected version(s) >=1.40.0 <1.42.6

Fix Suggestion:

Update to version 1.42.6

https://github.com/wikimedia/mediawiki.git (GITHUB):

Affected version(s) =1.43.0 <1.43.1

Fix Suggestion:

Update to version 1.43.1

Related Resources (2)

https://lists.debian.org/debian-lts-announce/2025/07/msg00012.html

https://phabricator.wikimedia.org/T304474

Do you need more information?

CVSS v3

Base Score:

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

EPSS

Base Score:

0.27

Products

Solutions

Resources

Company

Compare

Developer Tools