CVE-2025-53371: CWE-400: Uncontrolled Resource Consumption in miraheze DiscordNotifications

Severity: Critical
Type: Vulnerability
Tags: CVE-2025-53371, cve, cwe-400, cwe-918
Published: Thu Jul 10 2025 (07/10/2025, 17:26:02 UTC)
Source: CVE Database V5
Vendor/Project: miraheze
Product: DiscordNotifications

Description

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DoS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.

AI-Powered Analysis

AI analysis last updated: 07/10/2025, 17:46:13 UTC

Technical Analysis

CVE-2025-53371 is a critical vulnerability affecting the DiscordNotifications extension for MediaWiki, developed by miraheze. This extension facilitates sending notifications about wiki actions to Discord channels by making HTTP requests to URLs configured via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. The vulnerability arises because the extension allows sending requests using curl and file_get_contents to arbitrary URLs without sufficient validation or restrictions. This can lead to uncontrolled resource consumption (CWE-400) by causing the server to read excessively large files, resulting in denial of service (DoS). Additionally, the ability to send HTTP POST requests to arbitrary URLs enables server-side request forgery (SSRF, CWE-918). SSRF can be leveraged to access internal, unprotected APIs or services within the network that are otherwise inaccessible externally. In some scenarios, SSRF can escalate to remote code execution (RCE) if the internal services are vulnerable or misconfigured. The vulnerability affects all versions of DiscordNotifications prior to the commit 1f20d850cbcce5b15951c7c6127b87b927a5415e, which contains the fix. The CVSS v3.1 base score is 9.1, indicating a critical severity with network attack vector, low attack complexity, requiring low privileges but no user interaction, and impacting confidentiality, integrity, and availability with a scope change. No known exploits are currently reported in the wild, but the potential impact is significant given the nature of the vulnerability and the criticality of the affected systems. The vulnerability was published on July 10, 2025.

Potential Impact

For European organizations using MediaWiki with the DiscordNotifications extension, this vulnerability poses a serious risk. Exploitation can lead to denial of service, disrupting wiki-based collaboration, documentation, and knowledge management critical for business operations, research, and public services. SSRF exploitation could allow attackers to pivot into internal networks, accessing sensitive internal APIs or services, potentially leading to data breaches or further compromise. If internal services are vulnerable, SSRF could escalate to remote code execution, allowing full system compromise. This is particularly concerning for public sector organizations, educational institutions, and enterprises relying on MediaWiki for internal knowledge sharing. The disruption or compromise of these systems could impact operational continuity, data confidentiality, and integrity. Given the critical CVSS score and the possibility of scope change, the threat is severe and demands immediate attention.

Mitigation Recommendations

European organizations should promptly update the DiscordNotifications extension to the fixed version containing commit 1f20d850cbcce5b15951c7c6127b87b927a5415e. Until patching is possible, administrators should restrict or disable the use of $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls to trusted, validated URLs only, preventing arbitrary URL requests. Network-level controls such as firewall rules or web application firewalls (WAF) should be configured to block outgoing HTTP requests to untrusted or internal IP ranges from the MediaWiki server to mitigate SSRF risks. Monitoring and alerting on unusual outbound HTTP requests from the MediaWiki server can help detect exploitation attempts. Additionally, internal APIs should be secured with authentication and network segmentation to reduce the impact of SSRF. Conducting a security review of internal services accessible via HTTP POST requests is recommended to identify and remediate potential RCE vectors. Regular vulnerability scanning and applying security best practices for MediaWiki deployments will further reduce risk.
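As an added example (not code from DiscordNotifications or miraheze) of the interim hardening recommended above, the PHP below checks a webhook URL before curl or file_get_contents touches it and bounds the outbound POST. The Discord host allowlist, the 1 MiB and 5 second limits, and the function names are assumptions; the scheme check is what keeps file:// and http:// targets out, and the address check is what keeps internal IP ranges out.

```php
// Added example, not the extension's own code; allowlist and limits are illustrative.
const WEBHOOK_HOST_ALLOWLIST = [ 'discord.com', 'discordapp.com' ];
const MAX_RESPONSE_BYTES = 1048576;   // 1 MiB
const REQUEST_TIMEOUT_SECONDS = 5;

// Returns null when $url may be used, otherwise the reason it was rejected.
// $resolvedIps lets tests pass pre-resolved addresses; by default gethostbynamel() (IPv4 only) is used.
function validateWebhookUrl( string $url, ?array $resolvedIps = null ): ?string {
    $parts = parse_url( $url );
    if ( $parts === false || !isset( $parts['host'] ) || strtolower( $parts['scheme'] ?? '' ) !== 'https' ) {
        return 'URL must be a well-formed https URL';
    }
    $host = strtolower( $parts['host'] );
    if ( !in_array( $host, WEBHOOK_HOST_ALLOWLIST, true ) ) {
        return "host '$host' is not an allowed webhook host";
    }
    // Even an allowlisted name must resolve to public addresses, so a poisoned or
    // rebinding resolver cannot point it at loopback, RFC 1918 or link-local space.
    $ips = $resolvedIps ?? ( gethostbynamel( $host ) ?: [] );
    if ( $ips === [] ) {
        return 'host did not resolve';
    }
    foreach ( $ips as $ip ) {
        if ( !filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) ) {
            return "host resolves to non-public address $ip";
        }
    }
    return null;
}

// POST JSON to a validated webhook, bounding time, redirects and response size.
function postWebhook( string $url, string $jsonBody ): bool {
    if ( validateWebhookUrl( $url ) !== null ) {
        return false;
    }
    $received = 0;
    $ch = curl_init( $url );
    curl_setopt_array( $ch, [
        CURLOPT_POST => true, CURLOPT_POSTFIELDS => $jsonBody,
        CURLOPT_HTTPHEADER => [ 'Content-Type: application/json' ],
        CURLOPT_PROTOCOLS => CURLPROTO_HTTPS, CURLOPT_TIMEOUT => REQUEST_TIMEOUT_SECONDS,
        CURLOPT_FOLLOWLOCATION => false,   // a redirect could point back into the network
        // Returning fewer bytes than offered aborts the transfer, so an oversized response cannot exhaust memory.
        CURLOPT_WRITEFUNCTION => function ( $ch, string $chunk ) use ( &$received ): int {
            $received += strlen( $chunk );
            return $received > MAX_RESPONSE_BYTES ? 0 : strlen( $chunk );
        },
    ] );
    return curl_exec( $ch ) !== false && curl_getinfo( $ch, CURLINFO_RESPONSE_CODE ) < 300;
}
```

Checking the resolved address and then letting curl resolve again leaves a small resolve-then-connect window; pinning the checked address with CURLOPT_RESOLVE closes it.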


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-06-27T12:57:16.121Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 686ff8dba83201eaaca8f4d2

Added to database: 7/10/2025, 5:31:07 PM

Last enriched: 7/10/2025, 5:46:13 PM

Last updated: 7/11/2025, 2:30:27 AM
