CVE-2025-6926

HIGH EPSS 29.6%

Published Jul 3, 202512mo ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Jul 3, 2025 12mo ago

Last Modified Jun 17, 2026 1w ago

Description

Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

29.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-287 Improper Authentication Authentication

References 3

gerrit.wikimedia.org https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165117
lists.debian.org https://lists.debian.org/debian-lts-announce/2025/07/msg00012.html
phabricator.wikimedia.org https://phabricator.wikimedia.org/T389010

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.