ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 19 Sep 2025 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:miraheze:managewiki:*:*:*:*:*:mediawiki:*:*

Tue, 22 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 22 Apr 2025 17:30:00 +0000

Type Values Removed Values Added
Description ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.
Title ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
Weaknesses CWE-285
References
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-04-22T17:35:37.926Z

Reserved: 2025-04-14T21:47:11.453Z

Link: CVE-2025-32964

cve-icon Vulnrichment

Updated: 2025-04-22T17:35:29.776Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-22T18:16:00.847

Modified: 2025-09-19T15:46:04.070

Link: CVE-2025-32964

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T16:01:42Z