CVE-2025-67480 Overview
A vulnerability has been identified in Wikimedia Foundation MediaWiki affecting the API module responsible for querying revision data. The vulnerability is associated with the program file includes/Api/ApiQueryRevisionsBase.php, which handles revision-related API queries within the MediaWiki platform.
This issue affects MediaWiki versions before 1.39.16, 1.43.6, 1.44.3, and 1.45.1.
Critical Impact
Organizations running affected versions of MediaWiki should review their deployments and apply available patches to ensure API functionality operates securely.
Affected Products
- MediaWiki versions before 1.39.16
- MediaWiki versions before 1.43.6
- MediaWiki versions before 1.44.3
- MediaWiki versions before 1.45.1
Discovery Timeline
- 2026-02-03 - CVE CVE-2025-67480 published to NVD
- 2026-02-03 - Last updated in NVD database
Technical Details for CVE-2025-67480
Vulnerability Analysis
The vulnerability exists within MediaWiki's API infrastructure, specifically in the ApiQueryRevisionsBase.php file. This component is responsible for handling API queries related to page revisions, which is a core functionality used by MediaWiki installations for content versioning and history tracking.
The issue requires network access and authenticated user privileges to exploit. The attack complexity is considered high, meaning specific conditions must be met for successful exploitation. Based on available information, the vulnerability appears to have limited direct security impact on confidentiality, integrity, or availability of the affected system.
MediaWiki deployments that expose API endpoints to users should evaluate their risk posture, particularly in environments where authenticated users interact with revision-related API functions.
Root Cause
The root cause of this vulnerability lies within the includes/Api/ApiQueryRevisionsBase.php file, which serves as the base class for revision-related API queries in MediaWiki. The specific nature of the flaw has not been fully disclosed in public documentation, but the affected component handles the processing and response generation for revision data queries.
Organizations should consult the Wikimedia Task T401053 for detailed technical information about the vulnerability mechanism.
Attack Vector
The vulnerability is exploitable over the network, requiring the attacker to have authenticated access (low privileges) to the MediaWiki instance. The attack does not require user interaction but involves high attack complexity, suggesting that specific preconditions or configurations must be present for successful exploitation.
The exploitation path involves interaction with the MediaWiki API, specifically targeting endpoints that utilize the ApiQueryRevisionsBase class for processing revision queries.
Detection Methods for CVE-2025-67480
Indicators of Compromise
- Unusual or malformed API requests targeting revision-related endpoints such as action=query&prop=revisions
- Anomalous patterns in API access logs associated with authenticated user sessions
- Unexpected behavior in revision query responses or API error messages
Detection Strategies
- Monitor MediaWiki API access logs for suspicious query patterns targeting revision endpoints
- Implement rate limiting and anomaly detection on API endpoints to identify potential exploitation attempts
- Review authentication logs for unusual access patterns from authenticated users interacting with revision APIs
Monitoring Recommendations
- Enable detailed API logging in MediaWiki to capture request parameters and response metadata
- Configure alerting for unexpected API errors or exceptions originating from ApiQueryRevisionsBase.php
- Establish baseline API usage patterns to detect deviations that may indicate exploitation attempts
How to Mitigate CVE-2025-67480
Immediate Actions Required
- Upgrade MediaWiki to version 1.39.16, 1.43.6, 1.44.3, or 1.45.1 or later depending on your release branch
- Review API access controls and ensure authentication requirements are properly enforced
- Audit user accounts with API access privileges to ensure principle of least privilege
Patch Information
Wikimedia Foundation has released patched versions addressing this vulnerability. Organizations should upgrade to the following minimum versions based on their deployment:
| Release Branch | Minimum Safe Version |
|---|---|
| 1.39.x LTS | 1.39.16 |
| 1.43.x | 1.43.6 |
| 1.44.x | 1.44.3 |
| 1.45.x | 1.45.1 |
For additional details, refer to the Wikimedia Task T401053.
Workarounds
- Restrict API access to trusted users and networks until patches can be applied
- Implement web application firewall (WAF) rules to filter suspicious revision API requests
- Consider temporarily disabling or limiting access to revision-related API endpoints if immediate patching is not feasible
- Enable enhanced logging and monitoring on API endpoints to detect potential exploitation attempts
# Example: Restrict API access via Apache configuration
<Location "/api.php">
Require ip 10.0.0.0/8
Require ip 192.168.0.0/16
</Location>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
