Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-67482

CVE-2025-67482: Wikimedia Scribunto RCE Vulnerability

CVE-2025-67482 is a remote code execution vulnerability in Wikimedia Foundation Scribunto and luasandbox that allows attackers to execute arbitrary code. This article covers the technical details, affected versions, and mitigation.

Published:

CVE-2025-67482 Overview

CVE-2025-67482 is a vulnerability affecting Wikimedia Foundation's Scribunto extension and the luasandbox library. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua and library.C. The flaw exists in the Lua scripting engine components used by MediaWiki to provide secure execution of Lua scripts within wiki templates.

Critical Impact

This vulnerability could allow an attacker to cause limited availability impact through network-based attack vectors, though exploitation requires high complexity and specific conditions to be present.

Affected Products

  • Scribunto: versions before 1.39.16, 1.43.6, 1.44.3, 1.45.1
  • luasandbox: versions before commit fea2304f8f6ab30314369a612f4f5b165e68e95a

Discovery Timeline

  • 2026-02-03 - CVE CVE-2025-67482 published to NVD
  • 2026-02-03 - Last updated in NVD database

Technical Details for CVE-2025-67482

Vulnerability Analysis

This vulnerability affects the Lua execution environment within MediaWiki's Scribunto extension and the underlying luasandbox library. The affected components are mwInit.Lua in the LuaCommon engine and library.C in the luasandbox library. These components are responsible for initializing and managing the sandboxed Lua environment that allows wiki administrators and editors to create dynamic content through Lua scripts.

The vulnerability can be exploited over the network, though it requires high attack complexity and specific preconditions to be present. When exploited, the vulnerability has limited impact on availability, with no impact on confidentiality or integrity. The vulnerability appears to be related to improper handling within the Lua sandbox initialization or library loading mechanisms.

Root Cause

The root cause of this vulnerability lies within the Lua execution environment components, specifically in mwInit.Lua and library.C. These files handle the initialization of the Lua sandbox and the loading of libraries within the sandboxed environment. A flaw in these components could potentially allow unexpected behavior that affects system availability under specific conditions. Technical details can be found in the Wikimedia Security Task Summary.

Attack Vector

The attack vector for CVE-2025-67482 is network-based, meaning an attacker does not require local access to exploit this vulnerability. However, exploitation requires high complexity and specific preconditions to be present, making successful attacks more difficult to achieve. The vulnerability does not require user interaction or special privileges, but the limited impact scope means successful exploitation would only affect availability to a limited degree.

The vulnerability mechanism involves the Lua sandbox initialization and library loading components. Specific technical details regarding the exploitation pathway are documented in the Wikimedia security advisory. No verified proof-of-concept code is publicly available for this vulnerability.

Detection Methods for CVE-2025-67482

Indicators of Compromise

  • Monitor for unusual Lua script execution patterns or errors in MediaWiki logs
  • Check for unexpected resource consumption related to Lua script processing
  • Review access logs for suspicious requests targeting wiki pages with heavy Lua template usage

Detection Strategies

  • Implement logging for Lua sandbox initialization failures or unexpected behavior
  • Monitor MediaWiki error logs for exceptions related to Scribunto or luasandbox components
  • Deploy network monitoring to detect unusual traffic patterns targeting wiki infrastructure

Monitoring Recommendations

  • Enable verbose logging for Scribunto extension operations
  • Set up alerts for abnormal Lua execution times or resource usage
  • Monitor system availability metrics for MediaWiki servers running affected versions

How to Mitigate CVE-2025-67482

Immediate Actions Required

  • Update Scribunto to version 1.39.16, 1.43.6, 1.44.3, or 1.45.1 depending on your MediaWiki branch
  • Update luasandbox to commit fea2304f8f6ab30314369a612f4f5b165e68e95a or later
  • Review Wikimedia security advisory at Phabricator T408135 for specific guidance

Patch Information

Patches are available for affected versions of Scribunto and luasandbox. For Scribunto, update to the following patched versions based on your MediaWiki installation:

  • MediaWiki 1.39.x: Update to Scribunto 1.39.16
  • MediaWiki 1.43.x: Update to Scribunto 1.43.6
  • MediaWiki 1.44.x: Update to Scribunto 1.44.3
  • MediaWiki 1.45.x: Update to Scribunto 1.45.1

For luasandbox, update to commit fea2304f8f6ab30314369a612f4f5b165e68e95a or any subsequent version. Consult the official Wikimedia security documentation for detailed patch application instructions.

Workarounds

  • If immediate patching is not possible, consider temporarily disabling Lua scripting features by disabling the Scribunto extension
  • Implement rate limiting on wiki page requests that utilize Lua templates
  • Monitor and restrict access to pages with heavy Lua template usage until patches can be applied

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.