CVE-2025-53501

Published: Jul 3, 2025Modified: Oct 1, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Affected (1)

Products: Xtex: Scribunto

1 product

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Xtex Scribunto	All versions

Running on/with	Platform Versions
Mediawiki Mediawiki	From 1.39.0 to 1.39.12
Mediawiki Mediawiki	From 1.42.0 to 1.42.7
Mediawiki Mediawiki	From 1.43.0 to 1.43.2

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1164541

Source: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Patch

https://phabricator.wikimedia.org/T397524

Source: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

ExploitIssue TrackingPatch

Timeline

No history available yet.