CVE-2025-12004
Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia
Publication date: 2025-10-21
Last updated on: 2025-10-21
Assigner: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Description
Description
Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki - Lockdown Extension: from master before 1.42.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
How can this vulnerability impact me? :
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart
Meta Information
CVE Publication Date:
2025-10-21
CVE Last Modified Date:
2025-10-21
Report Generation Date:
2025-11-07
AI Powered Q&A Generation:
2025-10-21
EPSS Last Evaluated Date:
2025-10-22
NVD Report Link: