CVE-2025-32697 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-32697

CVE-2025-32697

April 10, 2025

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1.

Affected Packages

https://github.com/wikimedia/mediawiki.git (GITHUB):

Affected version(s) =1.43.0 <1.43.1

Fix Suggestion:

Update to version 1.43.1

https://github.com/wikimedia/mediawiki.git (GITHUB):

Affected version(s) >=1.1.0 <1.42.6

Fix Suggestion:

Update to version 1.42.6

Related Resources (3)

https://phabricator.wikimedia.org/T24521

https://phabricator.wikimedia.org/T62109

https://phabricator.wikimedia.org/T140010

Do you need more information?

CVSS v3

Base Score:

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

EPSS

Base Score:

0.26

Products

Solutions

Resources

Company

Compare

Developer Tools