Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-67484

CVE-2025-67484: MediaWiki API Format XML Vulnerability

CVE-2025-67484 is a security flaw in MediaWiki affecting the ApiFormatXml.php component. This vulnerability impacts multiple versions before 1.39.16, 1.43.6, 1.44.3, and 1.45.1. This article covers technical details, impact, and mitigation.

Published:

CVE-2025-67484 Overview

CVE-2025-67484 is a vulnerability affecting Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. The issue affects MediaWiki versions before 1.39.16, 1.43.6, 1.44.3, and 1.45.1.

Critical Impact

This vulnerability affects the XML API formatting component of MediaWiki and requires high privileges to exploit. While the CVSS 4.0 score indicates no direct confidentiality, integrity, or availability impact, organizations running affected MediaWiki versions should review the advisory for potential edge cases.

Affected Products

  • MediaWiki versions before 1.39.16
  • MediaWiki versions before 1.43.6
  • MediaWiki versions before 1.44.3
  • MediaWiki versions before 1.45.1

Discovery Timeline

  • 2026-02-03 - CVE CVE-2025-67484 published to NVD
  • 2026-02-03 - Last updated in NVD database

Technical Details for CVE-2025-67484

Vulnerability Analysis

This vulnerability resides within the ApiFormatXml.Php file, which is responsible for formatting API responses in XML format within MediaWiki. The issue appears to involve the XML formatting logic used when generating API output responses. While specific technical details are limited, the vulnerability requires high privileges (administrator-level access) to exploit, and according to the CVSS 4.0 assessment, does not directly impact confidentiality, integrity, or availability of the system.

The network-accessible nature of this vulnerability means it can potentially be triggered remotely by authenticated users with elevated privileges through API requests that invoke the XML formatting functionality.

Root Cause

The root cause is associated with the includes/Api/ApiFormatXml.Php component in MediaWiki. This file handles the conversion of API response data into XML format. The specific implementation flaw has not been publicly detailed, but the vulnerability tracking indicates an issue in how this formatting component processes certain inputs or generates output. For complete technical details, administrators should review the Wikimedia Task T401995.

Attack Vector

The attack vector is network-based, meaning exploitation can occur remotely over the network. However, the vulnerability requires high privileges to exploit, significantly limiting the potential attack surface. An attacker would need:

  1. Network access to the target MediaWiki instance
  2. Valid credentials with elevated (administrative) privileges
  3. The ability to make API requests that trigger the XML formatting functionality

The exploitation does not require user interaction, but the high privilege requirement substantially reduces the risk of opportunistic attacks.

Detection Methods for CVE-2025-67484

Indicators of Compromise

  • Unusual API requests targeting XML format output endpoints from administrative accounts
  • Unexpected patterns in API access logs involving the XML formatter
  • Anomalous behavior in MediaWiki administrative sessions

Detection Strategies

  • Monitor API request logs for suspicious activity targeting the XML output format
  • Implement alerting on unusual administrative account activity involving API endpoints
  • Review MediaWiki access logs for repeated or anomalous requests to /api.php with format=xml parameters

Monitoring Recommendations

  • Enable detailed logging for MediaWiki API requests
  • Configure SIEM rules to correlate administrative access with API formatting requests
  • Regularly audit administrative account usage and API access patterns

How to Mitigate CVE-2025-67484

Immediate Actions Required

  • Upgrade MediaWiki to version 1.39.16, 1.43.6, 1.44.3, or 1.45.1 or later depending on your release branch
  • Review administrative account access and ensure principle of least privilege
  • Audit API access logs for any suspicious activity prior to patching

Patch Information

Wikimedia Foundation has addressed this vulnerability in MediaWiki versions 1.39.16, 1.43.6, 1.44.3, and 1.45.1. Organizations should update to the appropriate patched version based on their current MediaWiki release branch. Additional details can be found in the Wikimedia Task T401995.

Workarounds

  • Restrict administrative account access to trusted users only
  • Implement network-level access controls to limit who can reach the MediaWiki API
  • Consider temporarily disabling XML format API output if not required for operations
  • Monitor and audit all API requests until patching is complete
bash
# Example: Check current MediaWiki version
php maintenance/version.php

# Update MediaWiki to patched version (example using git)
cd /var/www/mediawiki
git fetch --tags
git checkout REL1_39  # or appropriate branch
git pull
php maintenance/update.php

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.