CVE-2025-53498
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-08
Assigner: wikimedia-foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-778 | When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Insufficient Logging issue in the AbuseFilter extension of MediaWiki. It allowed privileged users (with checkuser and sysop rights) to test filter patterns involving protected variables without generating any log entries. This meant they could infer sensitive information about user actions or attributes through trial-and-error testing without leaving an audit trail, potentially exposing protected data without detection. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information by allowing privileged users to access protected variables without logging. This lack of audit trail means that sensitive user data could be exposed or inferred without detection, increasing the risk of data leakage and undermining trust in the system's security controls. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the logs of the AbuseFilter extension in MediaWiki, specifically checking for absence of log entries when privileged users test filter patterns involving protected variables via the Special:AbuseFilter/test page. To detect exploitation attempts, verify if filter tests involving protected variables are being performed without corresponding log entries. Setting up a local MediaWiki environment with the AbuseFilter and IPReputation extensions and simulating filter tests on protected variables can help reproduce and detect the issue. There are no specific commands provided, but reviewing MediaWiki logs for missing audit entries during AbuseFilter batch testing is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the AbuseFilter extension to a fixed version: 1.39.13 or later for the 1.39.X branch, 1.42.7 or later for the 1.42.X branch, and 1.43.2 or later for the 1.43.X branch. The fix ensures that any access to protected variables during batch testing is properly logged, preventing silent data leakage. Additionally, restrict the use of the AbuseFilter batch testing tool to trusted users and monitor logs for suspicious activity. Applying the patch from the Wikimedia Foundation and verifying that logging is enabled for protected variable access will mitigate the vulnerability. [1]