CVE-2025-23073

State: PUBLISHED · Published: 2025-01-14 · Updated: 2025-10-16 · Assigner: wikimedia-foundation

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension.

CWE

CWE-200 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-88 — CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Affected

Wikimedia Foundation / Mediawiki - GlobalBlocking Extension — v=master [affected]

CVSS

(none)

References

https://phabricator.wikimedia.org/T377855
https://gerrit.wikimedia.org/r/q/I2a2d32aedf6328be0a9f1b4e04a6567a25f19486

Source

cvelistV5-main/cves/2025/23xxx/CVE-2025-23073.json