CVE-2025-32964

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/miraheze/ManageWiki/commit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acd
https://github.com/miraheze/ManageWiki/security/advisories/GHSA-ccrf-x5rp-gppr

Configurations

No configuration.

History

23 Apr 2025, 14:08

Type	Values Removed	Values Added
Summary		(es) ManageWiki es una extensión de MediaWiki que permite a los usuarios administrar wikis. Antes de la confirmación 00bebea, al habilitar una extensión conflictiva, una extensión restringida se deshabilitaba automáticamente, incluso si el usuario no tenía el permiso restringido de ManageWiki. Este problema se ha corregido en la confirmación 00bebea. Un workaround consiste en asegurar que las extensiones que requieren permisos específicos en `$wgManageWikiExtensions` también requieran los mismos permisos para administrar las extensiones conflictivas.

22 Apr 2025, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-22 18:16

Updated : 2025-04-23 14:08

NVD link : CVE-2025-32964

Mitre link : CVE-2025-32964

CVE.ORG link : CVE-2025-32964

JSON object : View

Products Affected

No product.

CWE

CWE-285

Improper Authorization

4.6 /10