CVE-2025-67480 Overview
A vulnerability has been identified in Wikimedia Foundation MediaWiki, affecting the API module responsible for querying revision data. The flaw is located in the file includes/Api/ApiQueryRevisionsBase.php, which handles revision-related API queries within the MediaWiki platform.
This issue affects MediaWiki versions before 1.39.16, 1.43.6, 1.44.3, and 1.45.1.
Critical Impact
Organizations running affected versions of MediaWiki should review their deployments and apply available patches to ensure API functionality operates securely.
Affected Products
- MediaWiki versions before 1.39.16
- MediaWiki versions before 1.43.6
- MediaWiki versions before 1.44.3
- MediaWiki versions before 1.45.1
Discovery Timeline
- 2026-02-03 - CVE-2025-67480 published to NVD
- 2026-02-03 - Last updated in the NVD database
Technical Details for CVE-2025-67480
Vulnerability Analysis
The vulnerability exists within MediaWiki's API infrastructure, specifically in the ApiQueryRevisionsBase.php file. This component handles API queries related to page revisions, core functionality that MediaWiki installations rely on for content versioning and history tracking.
Exploitation requires network access and an authenticated user account. The attack complexity is rated high, meaning specific conditions must be met for exploitation to succeed. Based on available information, the vulnerability appears to have limited direct impact on the confidentiality, integrity, or availability of the affected system.
MediaWiki deployments that expose API endpoints to users should evaluate their risk posture, particularly in environments where authenticated users interact with revision-related API functions.
Root Cause
The root cause of this vulnerability lies within the includes/Api/ApiQueryRevisionsBase.php file, which serves as the base class for revision-related API queries in MediaWiki. The specific nature of the flaw has not been fully disclosed publicly, but the affected component processes revision data queries and generates their responses.
Organizations should consult the Wikimedia Task T401053 for detailed technical information about the vulnerability mechanism.
Attack Vector
The vulnerability is exploitable over the network and requires the attacker to hold an authenticated account with low privileges on the MediaWiki instance. No user interaction is required, but the attack complexity is high, which suggests that specific preconditions or configurations must be present for exploitation to succeed.
The exploitation path involves the MediaWiki API, specifically the endpoints that use the ApiQueryRevisionsBase class to process revision queries.
Detection Methods for CVE-2025-67480
Indicators of Compromise
- Unusual or malformed API requests targeting revision-related endpoints such as action=query&prop=revisions
- Anomalous patterns in API access logs associated with authenticated user sessions
- Unexpected behavior in revision query responses or API error messages
Detection Strategies
- Monitor MediaWiki API access logs for suspicious query patterns targeting revision endpoints
- Implement rate limiting and anomaly detection on API endpoints to identify potential exploitation attempts
- Review authentication logs for unusual access patterns from authenticated users interacting with revision APIs
Monitoring Recommendations
- Enable detailed API logging in MediaWiki to capture request parameters and response metadata
- Configure alerting for unexpected API errors or exceptions originating from ApiQueryRevisionsBase.php
- Establish baseline API usage patterns to detect deviations that may indicate exploitation attempts
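The detection and monitoring items above can be turned into a concrete log check. The following Python script is an added example, not part of the advisory or of MediaWiki: it parses Apache combined-format access log lines, keeps only action=query requests whose prop or list parameter names a revision module, and flags two things from the list above: revision requests that did not complete with a 2xx status, and clients whose request rate for those modules exceeds a baseline within a sliding window. The log lines are constructed for the example. Two assumptions are built in: the set of revision modules (prop=revisions, prop=deletedrevisions, list=allrevisions, list=alldeletedrevisions) is the set of query modules built on ApiQueryRevisionsBase as the author of this example understands MediaWiki's code layout, and grouping is by client IP because an Apache access log does not record the MediaWiki session user.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Apache "combined" log format. Constructed sample lines, not from a real wiki.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Feb/2026:10:15:01 +0000] "GET /w/api.php?action=query&prop=revisions&titles=Main_Page&rvprop=ids HTTP/1.1" 200 1510 "-" "ExampleBot/1.0"
10.0.0.5 - - [03/Feb/2026:10:15:40 +0000] "GET /w/api.php?action=query&prop=revisions&titles=Main_Page&rvlimit=10 HTTP/1.1" 200 4820 "-" "ExampleBot/1.0"
203.0.113.7 - - [03/Feb/2026:10:20:00 +0000] "GET /w/api.php?action=query&prop=revisions&titles=Main_Page&rvprop=content HTTP/1.1" 200 9001 "-" "curl/8.5.0"
203.0.113.7 - - [03/Feb/2026:10:20:01 +0000] "GET /w/api.php?action=query&prop=revisions&titles=Main_Page&rvprop=content HTTP/1.1" 200 9001 "-" "curl/8.5.0"
203.0.113.7 - - [03/Feb/2026:10:20:02 +0000] "GET /w/api.php?action=query&list=allrevisions&arvlimit=500 HTTP/1.1" 200 65000 "-" "curl/8.5.0"
203.0.113.7 - - [03/Feb/2026:10:20:03 +0000] "GET /w/api.php?action=query&list=allrevisions&arvlimit=500 HTTP/1.1" 200 65000 "-" "curl/8.5.0"
203.0.113.7 - - [03/Feb/2026:10:20:04 +0000] "GET /w/api.php?action=query&prop=revisions&titles=Main_Page HTTP/1.1" 200 1500 "-" "curl/8.5.0"
203.0.113.7 - - [03/Feb/2026:10:20:05 +0000] "GET /w/api.php?action=query&prop=revisions&titles=Main_Page HTTP/1.1" 200 1500 "-" "curl/8.5.0"
203.0.113.7 - - [03/Feb/2026:10:20:09 +0000] "GET /w/api.php?action=query&prop=revisions&titles=Main_Page&rvprop=content HTTP/1.1" 500 412 "-" "curl/8.5.0"
10.0.0.9 - - [03/Feb/2026:10:21:00 +0000] "GET /w/api.php?action=query&meta=siteinfo&siprop=general HTTP/1.1" 200 800 "-" "Mozilla/5.0"
10.0.0.9 - - [03/Feb/2026:10:21:05 +0000] "GET /w/index.php?title=Main_Page HTTP/1.1" 200 9100 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# (parameter, module) pairs assumed to be served by ApiQueryRevisionsBase subclasses.
REVISION_MODULES = {
    ("prop", "revisions"),
    ("prop", "deletedrevisions"),
    ("list", "allrevisions"),
    ("list", "alldeletedrevisions"),
}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["path"])
    # parse_qs returns lists; the first value is enough for module detection.
    query = {k: v[0] for k, v in parse_qs(url.query).items()}
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": url.path,
        "query": query,
        "status": int(m["status"]),
    }


def is_revision_query(event):
    """True for api.php action=query requests that name a revision module.

    Modules are pipe-separated (prop=info|revisions), so split before matching.
    """
    if not event["path"].endswith("/api.php") or event["query"].get("action") != "query":
        return False
    return any(module in event["query"].get(param, "").split("|")
               for param, module in REVISION_MODULES)


def burst_clients(events, threshold, window_seconds):
    """Map IP -> peak number of events seen inside any window of window_seconds,
    for clients whose peak exceeds threshold (sliding-window count)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def analyze(lines, rate_threshold=5, window_seconds=60):
    """Return findings: non-2xx revision requests and clients above the rate baseline."""
    events = [e for e in (parse_line(l) for l in lines) if e and is_revision_query(e)]
    findings = []
    for e in events:
        if not 200 <= e["status"] < 300:
            findings.append({"ip": e["ip"], "kind": "non_2xx",
                             "status": e["status"], "ts": e["ts"].isoformat()})
    for ip, count in burst_clients(events, rate_threshold, window_seconds).items():
        findings.append({"ip": ip, "kind": "rate", "count": count,
                         "window_seconds": window_seconds})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding)
```

The thresholds are deliberately parameters: the "rate" finding only means something relative to the baseline you establish for your own wiki, so set `rate_threshold` from observed normal traffic rather than from this example. Two caveats a practitioner should keep in mind: POST parameters are not in the access log, so requests sent that way are invisible to this filter, and many MediaWiki API errors are reported inside a 200 JSON body, so the non-2xx check catches server-side failures but not every API error. MediaWiki's own `api` debug log channel (routed with `$wgDebugLogGroups['api']`) records request parameters for both cases and is the better source for the "detailed API logging" item above.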
How to Mitigate CVE-2025-67480
Immediate Actions Required
- Upgrade MediaWiki to version 1.39.16, 1.43.6, 1.44.3, or 1.45.1 (or later) on your release branch
- Review API access controls and ensure authentication requirements are properly enforced
- Audit user accounts with API access privileges to enforce the principle of least privilege
Patch Information
Wikimedia Foundation has released patched versions addressing this vulnerability. Organizations should upgrade to the following minimum versions based on their deployment:
| Release Branch | Minimum Safe Version |
|---|---|
| 1.39.x LTS | 1.39.16 |
| 1.43.x | 1.43.6 |
| 1.44.x | 1.44.3 |
| 1.45.x | 1.45.1 |
For additional details, refer to the Wikimedia Task T401053.
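The table above is easy to misread when a wiki runs a point release on an older branch, so here is a small version check as an added example (not part of the advisory or of MediaWiki). It parses a MediaWiki version string, maps it to its release branch, and compares it against the fixed version for that branch from the table; a branch the table does not list is reported as such rather than guessed at. The `version_from_siteinfo` helper reads the version out of a response to `action=query&meta=siteinfo&siprop=general`, whose `generator` field reads like "MediaWiki 1.43.5"; the response used here is constructed, not fetched. Treating a pre-release suffix such as `-rc.0` as sorting below the matching release is a choice made for this example.

```python
import re

# Fixed versions per release branch, copied from the advisory's patch table.
FIXED_VERSIONS = {
    (1, 39): (1, 39, 16),
    (1, 43): (1, 43, 6),
    (1, 44): (1, 44, 3),
    (1, 45): (1, 45, 1),
}

# Accepts "1.43.5", "1.45", "1.45.1-rc.0". Assumed shape for this example;
# MediaWiki does not ship a version parser of its own.
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z.]+))?")


def parse_version(version: str) -> tuple:
    """Return (major, minor, patch, is_release) for tuple comparison.

    A pre-release suffix such as -rc.0 yields is_release = 0, so
    1.45.1-rc.0 sorts below the 1.45.1 release and is not treated as fixed.
    """
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised MediaWiki version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if suffix else 1)


def version_from_siteinfo(siteinfo: dict) -> str:
    """Extract the version from a meta=siteinfo&siprop=general response."""
    generator = siteinfo["query"]["general"]["generator"]
    prefix = "MediaWiki "
    if not generator.startswith(prefix):
        raise ValueError(f"unexpected generator string: {generator!r}")
    return generator[len(prefix):]


def assess(version: str) -> dict:
    """Classify an installed version as fixed, vulnerable, or not covered."""
    parsed = parse_version(version)
    branch = parsed[:2]
    branch_name = f"{branch[0]}.{branch[1]}.x"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # The advisory lists no fix for this branch (for example 1.42.x), so
        # the answer is an upgrade to a listed branch, not a point release.
        return {"version": version, "branch": branch_name,
                "fixed_in": None, "status": "not-in-advisory"}
    # Append is_release = 1 so the fixed version compares as a full release.
    status = "fixed" if parsed >= fixed + (1,) else "vulnerable"
    return {"version": version, "branch": branch_name,
            "fixed_in": ".".join(map(str, fixed)), "status": status}


if __name__ == "__main__":
    # Constructed siteinfo response, standing in for a live API call.
    sample = {"query": {"general": {"generator": "MediaWiki 1.44.2"}}}
    print(assess(version_from_siteinfo(sample)))
```

Running the script against the constructed response reports 1.44.2 as vulnerable with 1.44.3 as the fix. In a real check, feed `assess` the version from your own siteinfo response or from `includes/Defines.php`/`RELEASE-NOTES`, and treat "not-in-advisory" as a prompt to move to a supported branch rather than as a clean result.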
Workarounds
- Restrict API access to trusted users and networks until patches can be applied
- Implement web application firewall (WAF) rules to filter suspicious revision API requests
- Consider temporarily disabling or limiting access to revision-related API endpoints if immediate patching is not feasible
- Enable enhanced logging and monitoring on API endpoints to detect potential exploitation attempts
```apache
# Example: Restrict API access via Apache configuration
# The Location path must match where api.php is served on your install
# (for example /w/api.php on many deployments).
<Location "/api.php">
    # Apache 2.4 treats several Require lines without a container as RequireAny:
    # a client matching either range is allowed, all others are denied.
    Require ip 10.0.0.0/8
    Require ip 192.168.0.0/16
</Location>
```
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.