CVE-2025-23073: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in Wikimedia Foundation Mediawiki - GlobalBlocking Extension
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension.
AI Analysis
Technical Summary
CVE-2025-23073 is a vulnerability in the Wikimedia Foundation's MediaWiki GlobalBlocking Extension, specifically in its master development branch. It is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-88 (Argument Injection or Modification): sensitive data embedded within the extension could be retrieved by unauthorized actors. The CVSS v3.1 vector describes an attacker with low privileges (PR:L) who needs user interaction (UI:R) to read sensitive information over the network (AV:N), with no impact on integrity or availability. The base score is 3.5 (low), reflecting the limited impact and the conditions required for exploitation. The exposure was brief and affected only the master branch, so it is more likely to have been present in development or staging environments than in widely deployed production releases. No exploits are known in the wild, and no patches had been linked at the time of writing, which suggests the issue was newly disclosed and under remediation. The data exposed could include configuration or operational details of the GlobalBlocking Extension, which could aid reconnaissance or further attacks if combined with other vulnerabilities. Because the extension coordinates blocking of disruptive users across Wikimedia projects, exposure of its sensitive data could reveal internal blocking policies or user information.
Potential Impact
For European organizations using MediaWiki with the GlobalBlocking Extension, the impact is generally low but non-negligible. Exposure of sensitive information could lead to privacy violations or assist attackers in crafting targeted attacks by revealing internal blocking mechanisms or user data. Organizations running development or staging environments with the master branch are at higher risk since the vulnerability was present there. Public Wikimedia projects in Europe might be less affected if they do not run the vulnerable branch. However, any European institution or company relying on MediaWiki for internal knowledge management that uses this extension should consider the risk of sensitive data leakage. The impact on confidentiality is limited but could facilitate further exploitation if combined with other vulnerabilities. Integrity and availability are not affected. The low CVSS score reflects the limited scope and complexity, but the exposure of sensitive data still warrants attention, especially in regulated environments with strict data protection requirements such as GDPR.
Mitigation Recommendations
1. Immediately audit MediaWiki installations to determine if the GlobalBlocking Extension master branch or development versions are in use, especially in staging or test environments.
2. Restrict network access to MediaWiki instances running the vulnerable extension to trusted users only, using network segmentation and access control lists.
3. Monitor logs for unusual access patterns or attempts to retrieve sensitive data from the GlobalBlocking Extension endpoints.
4. Avoid deploying development or master branch versions of MediaWiki extensions in production environments.
5. Once patches or updates are released by the Wikimedia Foundation, apply them promptly to remove the vulnerability.
6. Implement strict role-based access controls within MediaWiki to limit privileges that could be exploited to retrieve sensitive data.
7. Educate administrators about the risks of running unpatched or development branch software and encourage adherence to stable release channels.
8. Consider additional application-layer protections such as Web Application Firewalls (WAFs) to detect and block suspicious requests targeting the GlobalBlocking Extension.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: wikimedia-foundation
- Date Reserved: 2025-01-10T17:00:37.684Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f178b69f8a5dbaea26afab
Added to database: 10/16/2025, 10:59:02 PM
Last enriched: 10/16/2025, 11:13:55 PM
Last updated: 10/19/2025, 10:32:02 AM