Impact
The vulnerability is a Cross-Site Request Forgery (CSRF) flaw that lets an attacker forge requests on behalf of a victim who is authenticated to the MediaWiki system. The flaw is present in the RedirectManager Extension before version 1.3.3 and is categorized as CWE-352. If exploited, an attacker could perform actions such as creating or modifying redirects without the victim's consent, potentially disrupting site navigation or spreading misinformation. The CVSS score of 6.9 indicates moderate risk, and the absence of a KEV listing and an EPSS score suggests it has not yet been widely abused.
Affected Systems
The flaw affects the Wikimedia Foundation MediaWiki RedirectManager Extension in all releases prior to 1.3.3. Users running an older version of this extension on their MediaWiki installation are potentially exposed to CSRF attacks.
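One way to check a wiki against the affected range, as an added example that is not part of the original advisory or the extension's code: it classifies the `siprop=extensions` output of MediaWiki's siteinfo API. The sample response is constructed, and the extension name string `RedirectManager` as reported by the API is an assumption.

```python
import json
import re

FIXED = (1, 3, 3)  # first fixed release named in the advisory

# Constructed sample of an api.php?action=query&meta=siteinfo&siprop=extensions
# response (format=json); not captured from a real wiki.
SAMPLE = json.dumps({"query": {"extensions": [
    {"type": "other", "name": "RedirectManager", "version": "1.3.1"},
    {"type": "parserhook", "name": "Cite"},
]}})


def parse_version(text):
    """Return a purely dotted-numeric version as a tuple, else None."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None  # suffixes such as "-beta" are not guessed at
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "1.3" to (1, 3, 0)


def redirectmanager_status(siteinfo_json, name="RedirectManager"):
    """Classify a wiki as 'not-installed', 'affected', 'fixed' or 'unknown'.

    `name` is the assumed extension name in the siteinfo output.
    """
    data = json.loads(siteinfo_json)
    for ext in data.get("query", {}).get("extensions", []):
        if ext.get("name") != name:
            continue
        ver = parse_version(ext.get("version"))
        if ver is None:
            return "unknown"  # no usable version reported: verify by hand
        return "affected" if ver < FIXED else "fixed"
    return "not-installed"


if __name__ == "__main__":
    print(redirectmanager_status(SAMPLE))
```

A result of `unknown` means the extension is installed but reports no comparable version, so the installed release has to be confirmed manually.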
Risk and Exploitability
With a CVSS score of 6.9, the vulnerability carries moderate severity. No EPSS score is available, so the probability of exploitation cannot be quantified, and the flaw is not listed in CISA's KEV catalog. Attackers would target users who are logged in and who open or interact with a crafted URL that submits a state-changing request through the vulnerable extension. Because the flaw does not involve privilege escalation or remote code execution, the overall impact is limited to unauthorized content manipulation, but it remains a tangible threat to site integrity.