CVE-2025-53485
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-07-08
Assigner: wikimedia-foundation
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SetTranslationHandler.php file of the MediaWiki SecurePoll extension. It does not properly verify that a user is an election admin before allowing changes to election-related translation text. As a result, any user, including unauthenticated ones, can modify this translation text. Although newer versions of MediaWiki partially address this issue, the validation check is still missing in the affected versions.
How can this vulnerability impact me?
This vulnerability allows unauthorized users to change election-related translation text, which could lead to misinformation or manipulation of election content. This could undermine the integrity and trustworthiness of election-related information presented through the MediaWiki SecurePoll extension.
What immediate steps should I take to mitigate this vulnerability?
Update the MediaWiki SecurePoll extension to a fixed version: at least 1.39.13 if using 1.39.X, at least 1.42.7 if using 1.42.X, or at least 1.43.2 if using 1.43.X. Until then, restrict access to SetTranslationHandler.php to trusted election administrators only to prevent unauthorized changes to election-related translation text.