CVE-2025-32964: CWE-285: Improper Authorization in miraheze ManageWiki
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.
AI Analysis
Technical Summary
CVE-2025-32964 is an improper authorization vulnerability (CWE-285) in the ManageWiki extension for MediaWiki, developed by miraheze. ManageWiki facilitates the management of multiple wikis and their extensions. In versions prior to commit 00bebea, enabling an extension that conflicts with a restricted extension caused the restricted extension to be disabled automatically, without verifying that the user held the ManageWiki-restricted right. Users lacking that right could therefore change the state of a restricted extension indirectly, by enabling a conflicting one, bypassing the intended permission check. The flaw stems from enforcing permission requirements on the extension being enabled but not on the conflicting extensions that ManageWiki disables as a side effect. The issue was addressed in commit 00bebea by ensuring that extensions listed in the $wgManageWikiExtensions configuration require consistent permission checks when conflicting extensions are managed. No known exploits have been reported in the wild to date. The vulnerability affects the integrity and potentially the availability of wiki extensions: unauthorized modification of extension states could disrupt wiki functionality or security controls. Exploitation requires no user interaction beyond the ability to enable extensions, but it does require some level of access to the ManageWiki interface. The scope is limited to installations using ManageWiki with conflicting extensions configured. The vulnerability is rated medium severity: it bypasses an authorization control, but the prerequisite access level and the absence of a direct remote exploitation vector limit its impact.
Potential Impact
For European organizations using MediaWiki with the ManageWiki extension, this vulnerability could lead to unauthorized changes in wiki extension configurations, potentially disrupting internal knowledge management systems or exposing sensitive information if restricted extensions are disabled improperly. Organizations relying on wikis for documentation, collaboration, or knowledge sharing could face integrity issues, where unauthorized users modify extension states, possibly leading to degraded wiki functionality or exposure of restricted content. While the vulnerability does not directly allow remote code execution or data exfiltration, the improper authorization could be leveraged as part of a broader attack chain, especially in environments where wiki access controls are critical. The impact is more pronounced in sectors with strict compliance requirements or where wikis contain sensitive operational or strategic information, such as government agencies, research institutions, and large enterprises prevalent in Europe. Disruption of wiki services could affect productivity and information reliability. However, the lack of known exploits and the requirement for some level of authenticated access reduce the immediate risk level.
Mitigation Recommendations
Upgrade ManageWiki to the version including commit 00bebea or later, which patches the improper authorization flaw. Review and audit the $wgManageWikiExtensions configuration to ensure that all extensions requiring specific permissions also enforce these permissions consistently when managing conflicting extensions. Implement strict access controls on who can enable or disable extensions within ManageWiki, limiting this capability to trusted administrators only. Monitor and log all extension management activities to detect unauthorized attempts to enable or disable extensions. Conduct regular permission reviews and penetration testing focused on wiki management interfaces to identify potential authorization bypasses. Educate administrators on the risks of enabling conflicting extensions and the importance of adhering to permission models within ManageWiki.
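As an added illustration (not ManageWiki's own code), the following Python model shows the authorization gap described above and the check that the workaround and the fix call for: the right to enable an extension is not sufficient when the change also disables a conflicting restricted extension. The config shape with its `conflicts` and `requires` keys is an assumption modelled on `$wgManageWikiExtensions`, and the extension names are constructed.

```python
from typing import Dict, Iterable, List, Set, Tuple

# Constructed stand-in for $wgManageWikiExtensions (not ManageWiki's real
# config). The 'conflicts' list and 'requires' -> 'permissions' keys are
# assumptions modelled on the structure the advisory describes.
MANAGEWIKI_EXTENSIONS: Dict[str, dict] = {
    "OpenExt": {"conflicts": ["RestrictedExt"], "requires": {}},
    "RestrictedExt": {"conflicts": ["OpenExt"],
                      "requires": {"permissions": ["managewiki-restricted"]}},
    "OtherExt": {"conflicts": [], "requires": {}},
}


def required_permissions(config: Dict[str, dict], ext: str) -> Set[str]:
    """Rights a user must hold to change the state of `ext`."""
    return set(config[ext].get("requires", {}).get("permissions", []))


def enable_extension(config: Dict[str, dict], enabled: Iterable[str],
                     user_rights: Iterable[str], ext: str,
                     patched: bool = True) -> Tuple[bool, Set[str], List[str], str]:
    """Attempt to enable `ext`, auto-disabling any enabled conflicting extensions.

    Returns (allowed, resulting enabled set, extensions disabled, reason).
    patched=False reproduces the pre-00bebea behaviour the advisory describes:
    only the extension being enabled is permission-checked, so a conflicting
    restricted extension is disabled without the managewiki-restricted right.
    """
    enabled, rights = set(enabled), set(user_rights)
    missing = required_permissions(config, ext) - rights
    if missing:
        return False, enabled, [], f"enabling {ext} requires {sorted(missing)}"

    to_disable = [c for c in config[ext].get("conflicts", []) if c in enabled]
    if patched:
        # Fix: disabling a conflicting extension is a state change on that
        # extension, so the user must also hold *its* required permissions.
        for victim in to_disable:
            missing = required_permissions(config, victim) - rights
            if missing:
                return (False, enabled, [],
                        f"enabling {ext} would disable {victim}, "
                        f"which requires {sorted(missing)}")

    return True, (enabled - set(to_disable)) | {ext}, to_disable, ""
```

The same function also serves as an audit helper: running it over a configuration with a non-privileged rights set reveals every extension whose enabling would silently disable a restricted one.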
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-04-14T21:47:11.453Z
- Cisa Enriched: true
Threat ID: 682d9849c4522896dcbf683a
Added to database: 5/21/2025, 9:09:29 AM
Last enriched: 6/21/2025, 11:51:12 PM
Last updated: 8/11/2025, 9:58:08 PM