CVE-2025-12004 | THREATINT

Description

Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki - Lockdown Extension: from master before 1.42.

PUBLISHED Reserved 2025-10-21 | Published 2025-10-21 | Updated 2025-10-21 | Assigner wikimedia-foundation

CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status

unaffected

master (semver) before 1.42

affected

Credits

Dianliang233 finder

daniel remediation developer

References

phabricator.wikimedia.org/T397521

gerrit.wikimedia.org/...382743957004fa7fc56318fc104d8e2d267b

cve.org (CVE-2025-12004)

nvd.nist.gov (CVE-2025-12004)

Download JSON