Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 01 Oct 2025 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Mediawiki
Mediawiki mediawiki
Xtex
Xtex scribunto
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:xtex:scribunto:-:*:*:*:*:mediawiki:*:*
Vendors & Products Mediawiki
Mediawiki mediawiki
Xtex
Xtex scribunto

Thu, 03 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 03 Jul 2025 16:30:00 +0000

Type Values Removed Values Added
Description Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Title Content Access Bypass in Scribunto
Weaknesses CWE-284
References

cve-icon MITRE

Status: PUBLISHED

Assigner: wikimedia-foundation

Published:

Updated: 2025-07-10T23:37:33.152Z

Reserved: 2025-06-30T15:36:41.721Z

Link: CVE-2025-53501

cve-icon Vulnrichment

Updated: 2025-07-03T17:51:33.503Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-03T17:15:40.127

Modified: 2025-10-01T14:17:35.283

Link: CVE-2025-53501

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.