CVE-2025-53371 is a critical vulnerability affecting the DiscordNotifications extension for MediaWiki, developed by miraheze. This extension facilitates sending notifications about wiki actions to Discord channels by making HTTP requests to URLs configured via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. The vulnerability arises because the extension allows sending requests using curl and file_get_contents to arbitrary URLs without sufficient validation or restrictions. This can lead to uncontrolled resource consumption (CWE-400) by causing the server to read excessively large files, resulting in denial of service (DoS). Additionally, the ability to send HTTP POST requests to arbitrary URLs enables server-side request forgery (SSRF, CWE-918). SSRF can be leveraged to access internal, unprotected APIs or services within the network that are otherwise inaccessible externally. In some scenarios, SSRF can escalate to remote code execution (RCE) if the internal services are vulnerable or misconfigured. The vulnerability affects all versions of DiscordNotifications prior to the commit 1f20d850cbcce5b15951c7c6127b87b927a5415e, which contains the fix. The CVSS v3.1 base score is 9.1, indicating a critical severity with network attack vector, low attack complexity, requiring low privileges but no user interaction, and impacting confidentiality, integrity, and availability with a scope change. No known exploits are currently reported in the wild, but the potential impact is significant given the nature of the vulnerability and the criticality of the affected systems. The vulnerability was published on July 10, 2025.

For European organizations using MediaWiki with the DiscordNotifications extension, this vulnerability poses a serious risk. Exploitation can lead to denial of service, disrupting wiki-based collaboration, documentation, and knowledge management critical for business operations, research, and public services. SSRF exploitation could allow attackers to pivot into internal networks, accessing sensitive internal APIs or services, potentially leading to data breaches or further compromise. If internal services are vulnerable, SSRF could escalate to remote code execution, allowing full system compromise. This is particularly concerning for public sector organizations, educational institutions, and enterprises relying on MediaWiki for internal knowledge sharing. The disruption or compromise of these systems could impact operational continuity, data confidentiality, and integrity. Given the critical CVSS score and the possibility of scope change, the threat is severe and demands immediate attention.

European organizations should promptly update the DiscordNotifications extension to the fixed version containing commit 1f20d850cbcce5b15951c7c6127b87b927a5415e. Until patching is possible, administrators should restrict or disable the use of $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls to trusted, validated URLs only, preventing arbitrary URL requests. Network-level controls such as firewall rules or web application firewalls (WAF) should be configured to block outgoing HTTP requests to untrusted or internal IP ranges from the MediaWiki server to mitigate SSRF risks. Monitoring and alerting on unusual outbound HTTP requests from the MediaWiki server can help detect exploitation attempts. Additionally, internal APIs should be secured with authentication and network segmentation to reduce the impact of SSRF. Conducting a security review of internal services accessible via HTTP POST requests is recommended to identify and remediate potential RCE vectors. Regular vulnerability scanning and applying security best practices for MediaWiki deployments will further reduce risk.