CVE-2025-6926

Description

Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

PUBLISHED Reserved 2025-06-30 | Published 2025-07-03 | Updated 2025-11-03 | Assigner wikimedia-foundation

Problem types

CWE-287: Improper Authentication

Product status

Credits

Tgr finder

References

lists.debian.org/debian-lts-announce/2025/07/msg00012.html

phabricator.wikimedia.org/T389010

gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117

cve.org (CVE-2025-6926)

nvd.nist.gov (CVE-2025-6926)

Download JSON