CVE-2025-53481
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-07-08
Assigner: wikimedia-foundation
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53481 is a denial of service (DoS) vulnerability in the MediaWiki IPInfo extension. When the extension looks up an IP address that has no associated edits, it runs SQL queries that are inefficient and not backed by a suitable index, so a single lookup can take around 26 seconds of database time. Because the lookup is reachable through a normal request, repeated lookups tie up database resources and degrade availability. The fix optimised the queries, keyed them on the correct actor ID rather than the raw IP address, improved the indexing, and added conditions for the no-edits edge case. [1]
How can this vulnerability impact me?
This vulnerability can impact you by causing denial of service due to excessive resource consumption. Specifically, it can lead to very slow database queries when the IPInfo extension processes certain IP lookups, potentially degrading the performance and availability of the MediaWiki service. Attackers could exploit this to slow down or disrupt the service. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusually long MySQL query times, especially queries issued while serving the IPInfo extension's ipinfo/v0/norevision endpoint. Specifically, look for slow queries involving the abuse_filter_log and cu_private_event tables. MySQL's slow query log records every statement whose execution time exceeds the `long_query_time` threshold, so lowering that threshold (for example to a few seconds) and reviewing the log will surface lookups in the 26-second range. `SHOW PROCESSLIST;` shows queries that are running right now, which is useful while the slowdown is in progress. Additionally, monitoring HTTP request logs for repeated or slow responses to the ipinfo/v0/norevision endpoint may indicate exploitation attempts. [1]
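The checks above, applied to log files, as an added example (this is illustrative code written for this page, not part of BaseFortify, MediaWiki or the IPInfo extension). It parses the standard MySQL slow query log format, flags entries that exceed a time threshold and touch abuse_filter_log or cu_private_event, and counts per-client requests to the norevision endpoint in a combined-format access log. The log contents are constructed samples; the exact SQL text, column names, REST path prefix and threshold values are assumptions and should be adapted to the wiki being monitored.

```python
import re
from collections import defaultdict

# Constructed sample slow query log (assumed column names; not captured data).
SLOW_LOG = """\
# Time: 2025-07-05T10:12:01.000000Z
# User@Host: wikiuser[wikiuser] @ localhost []  Id:   101
# Query_time: 26.412345  Lock_time: 0.000123 Rows_sent: 1  Rows_examined: 4823011
SET timestamp=1751710321;
SELECT COUNT(*) FROM abuse_filter_log WHERE afl_ip = '203.0.113.7';
# Time: 2025-07-05T10:12:30.000000Z
# User@Host: wikiuser[wikiuser] @ localhost []  Id:   102
# Query_time: 0.004512  Lock_time: 0.000098 Rows_sent: 20  Rows_examined: 20
SET timestamp=1751710350;
SELECT page_title FROM page WHERE page_namespace = 0 LIMIT 20;
# Time: 2025-07-05T10:13:02.000000Z
# User@Host: wikiuser[wikiuser] @ localhost []  Id:   103
# Query_time: 25.901000  Lock_time: 0.000110 Rows_sent: 0  Rows_examined: 3910002
SET timestamp=1751710382;
SELECT cupe_timestamp FROM cu_private_event WHERE cupe_ip = '203.0.113.7' LIMIT 1;
"""

# Constructed sample access log in combined format; the /w/rest.php prefix is assumed.
ACCESS_LOG = """\
198.51.100.9 - - [05/Jul/2025:10:12:00 +0000] "GET /w/rest.php/ipinfo/v0/norevision/203.0.113.7 HTTP/1.1" 200 412
198.51.100.9 - - [05/Jul/2025:10:12:01 +0000] "GET /w/rest.php/ipinfo/v0/norevision/203.0.113.8 HTTP/1.1" 200 410
198.51.100.9 - - [05/Jul/2025:10:12:02 +0000] "GET /w/rest.php/ipinfo/v0/norevision/203.0.113.9 HTTP/1.1" 200 409
198.51.100.9 - - [05/Jul/2025:10:12:03 +0000] "GET /w/rest.php/ipinfo/v0/norevision/203.0.113.10 HTTP/1.1" 200 411
198.51.100.9 - - [05/Jul/2025:10:12:04 +0000] "GET /w/rest.php/ipinfo/v0/norevision/203.0.113.11 HTTP/1.1" 200 413
198.51.100.9 - - [05/Jul/2025:10:12:05 +0000] "GET /w/rest.php/ipinfo/v0/norevision/203.0.113.12 HTTP/1.1" 200 408
203.0.113.50 - - [05/Jul/2025:10:12:05 +0000] "GET /w/rest.php/ipinfo/v0/norevision/203.0.113.7 HTTP/1.1" 200 412
192.0.2.77 - - [05/Jul/2025:10:12:06 +0000] "GET /w/index.php?title=Main_Page HTTP/1.1" 200 18231
"""

SUSPECT_TABLES = ("abuse_filter_log", "cu_private_event")

QUERY_TIME_RE = re.compile(
    r"^# Query_time: (?P<qt>[\d.]+)\s+Lock_time: [\d.]+\s+"
    r"Rows_sent: (?P<sent>\d+)\s+Rows_examined: (?P<examined>\d+)"
)
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)


def _new_entry(time_text=""):
    return {"time": time_text, "query_time": 0.0, "rows_examined": 0, "sql": ""}


def parse_slow_log(text):
    """Split a MySQL slow query log into entries with query time, rows examined and SQL."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith("# Time:"):
            if current is not None:
                entries.append(current)
            current = _new_entry(line[len("# Time:"):].strip())
        elif line.startswith("# Query_time:"):
            if current is None:
                current = _new_entry()
            m = QUERY_TIME_RE.match(line)
            current["query_time"] = float(m.group("qt"))
            current["rows_examined"] = int(m.group("examined"))
        elif line.startswith("#") or line.startswith("SET timestamp") or line.startswith("use "):
            continue  # other metadata lines carry nothing we need
        elif current is not None:
            current["sql"] += line.strip() + " "
    if current is not None:
        entries.append(current)
    return entries


def flag_slow_ipinfo_queries(entries, threshold_seconds=10.0):
    """Entries over the threshold that touch the tables named in the advisory."""
    return [
        e for e in entries
        if e["query_time"] >= threshold_seconds and any(t in e["sql"] for t in SUSPECT_TABLES)
    ]


def count_norevision_requests(log_text, endpoint="ipinfo/v0/norevision"):
    """Requests per client IP to the norevision endpoint (case-insensitive path match)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if m and endpoint in m.group("path").lower():
            counts[m.group("ip")] += 1
    return dict(counts)


def flag_repeat_clients(counts, max_requests=5):
    """Clients that hit the endpoint at least max_requests times in the log window."""
    return sorted(ip for ip, n in counts.items() if n >= max_requests)


if __name__ == "__main__":
    for e in flag_slow_ipinfo_queries(parse_slow_log(SLOW_LOG)):
        print(f"{e['time']} {e['query_time']:.1f}s rows_examined={e['rows_examined']} {e['sql'].strip()}")
    counts = count_norevision_requests(ACCESS_LOG)
    print("repeat clients:", flag_repeat_clients(counts))
```

Point the script at the real files (`slow_query_log_file` on the MySQL side and the web server's access log) and tune `threshold_seconds` and `max_requests` to the wiki's normal load; the two flags together, slow queries on those tables coinciding with one client hammering the endpoint, are the signal the advisory describes.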
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the patches released for the MediaWiki IPInfo extension, which optimise the SQL queries, key them on the correct actor ID, and improve indexing. If patching is not immediately possible, restrict access to the ipinfo/v0/norevision endpoint to trusted users only to reduce exposure. Monitoring and rate-limiting requests to this endpoint can also reduce the denial of service risk until the fix is applied; note that these are stopgaps, since each permitted lookup still carries the full query cost. [1]