CVE-2025-32964 | THREATINT

Description

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.

PUBLISHED Reserved 2025-04-14 | Published 2025-04-22 | Updated 2025-04-22 | Assigner GitHub_M

MEDIUM: 4.6CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Problem types

CWE-285: Improper Authorization

Product status

< 00bebea

affected

References

github.com/...geWiki/security/advisories/GHSA-ccrf-x5rp-gppr

github.com/...ommit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acd

cve.org (CVE-2025-32964)

nvd.nist.gov (CVE-2025-32964)

Download JSON