CVE-2025-53485: CWE-862 Missing Authorization in Wikimedia Foundation Mediawiki - SecurePoll extension
SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
AI Analysis
Technical Summary
CVE-2025-53485 is a high-severity vulnerability affecting the SecurePoll extension of the Wikimedia Foundation's MediaWiki software, specifically versions 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The vulnerability is classified under CWE-862, which refers to missing authorization. The core issue lies in the SetTranslationHandler.php component of the SecurePoll extension, which fails to properly verify whether the user attempting to modify election-related translation text is an authorized election administrator. This lack of authorization validation means that any user, including unauthenticated users, can alter translation strings related to elections. Although newer MediaWiki versions have partially addressed this issue, the authorization check remains incomplete, leaving the vulnerability exploitable. The CVSS 3.1 base score is 7.5, indicating a high severity level, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This means the vulnerability can be exploited remotely over the network without any privileges or user interaction, causing a high impact on integrity but no impact on confidentiality or availability. The vulnerability does not currently have known exploits in the wild, but its nature allows an attacker to manipulate election-related content, potentially undermining the trustworthiness and accuracy of election information presented via MediaWiki platforms using SecurePoll. This could lead to misinformation or manipulation of election outcomes or perceptions if the affected MediaWiki instances are used for election management or reporting.
Potential Impact
For European organizations, especially those involved in political processes, public administration, or civic engagement that utilize MediaWiki with the SecurePoll extension, this vulnerability poses a significant risk. The ability for unauthenticated users to modify election-related translation text could lead to misinformation, manipulation of election data, or disruption of election-related communications. This undermines the integrity of election processes and could erode public trust in democratic institutions. Additionally, organizations using MediaWiki for internal polling or decision-making processes may experience compromised data integrity, affecting governance and operational decisions. The impact is particularly critical in countries with high reliance on digital platforms for election transparency and citizen engagement. Furthermore, misinformation propagated through altered translations can have cascading effects on social stability and political discourse within European societies.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately upgrade the SecurePoll extension to the latest patched versions: 1.39.13 or later for the 1.39.x branch, 1.42.7 or later for the 1.42.x branch, and 1.43.2 or later for the 1.43.x branch. If upgrading is not immediately feasible, organizations should implement strict access controls at the web server or application firewall level to restrict access to the SetTranslationHandler.php endpoint to authorized election administrators only. Additionally, auditing and monitoring of translation changes related to elections should be enhanced to detect unauthorized modifications promptly. Organizations should also review and harden their MediaWiki configurations to enforce role-based access controls and validate user permissions rigorously. Finally, educating administrators about this vulnerability and encouraging prompt patch management practices will reduce exposure time.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
CVE-2025-53485: CWE-862 Missing Authorization in Wikimedia Foundation Mediawiki - SecurePoll extension
Description
SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
AI-Powered Analysis
Technical Analysis
CVE-2025-53485 is a high-severity vulnerability affecting the SecurePoll extension of the Wikimedia Foundation's MediaWiki software, specifically versions 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The vulnerability is classified under CWE-862, which refers to missing authorization. The core issue lies in the SetTranslationHandler.php component of the SecurePoll extension, which fails to properly verify whether the user attempting to modify election-related translation text is an authorized election administrator. This lack of authorization validation means that any user, including unauthenticated users, can alter translation strings related to elections. Although newer MediaWiki versions have partially addressed this issue, the authorization check remains incomplete, leaving the vulnerability exploitable. The CVSS 3.1 base score is 7.5, indicating a high severity level, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This means the vulnerability can be exploited remotely over the network without any privileges or user interaction, causing a high impact on integrity but no impact on confidentiality or availability. The vulnerability does not currently have known exploits in the wild, but its nature allows an attacker to manipulate election-related content, potentially undermining the trustworthiness and accuracy of election information presented via MediaWiki platforms using SecurePoll. This could lead to misinformation or manipulation of election outcomes or perceptions if the affected MediaWiki instances are used for election management or reporting.
Potential Impact
For European organizations, especially those involved in political processes, public administration, or civic engagement that utilize MediaWiki with the SecurePoll extension, this vulnerability poses a significant risk. The ability for unauthenticated users to modify election-related translation text could lead to misinformation, manipulation of election data, or disruption of election-related communications. This undermines the integrity of election processes and could erode public trust in democratic institutions. Additionally, organizations using MediaWiki for internal polling or decision-making processes may experience compromised data integrity, affecting governance and operational decisions. The impact is particularly critical in countries with high reliance on digital platforms for election transparency and citizen engagement. Furthermore, misinformation propagated through altered translations can have cascading effects on social stability and political discourse within European societies.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately upgrade the SecurePoll extension to the latest patched versions: 1.39.13 or later for the 1.39.x branch, 1.42.7 or later for the 1.42.x branch, and 1.43.2 or later for the 1.43.x branch. If upgrading is not immediately feasible, organizations should implement strict access controls at the web server or application firewall level to restrict access to the SetTranslationHandler.php endpoint to authorized election administrators only. Additionally, auditing and monitoring of translation changes related to elections should be enhanced to detect unauthorized modifications promptly. Organizations should also review and harden their MediaWiki configurations to enforce role-based access controls and validate user permissions rigorously. Finally, educating administrators about this vulnerability and encouraging prompt patch management practices will reduce exposure time.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- wikimedia-foundation
- Date Reserved
- 2025-06-30T15:20:44.462Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 686815556f40f0eb72a1e957
Added to database: 7/4/2025, 5:54:29 PM
Last enriched: 7/14/2025, 9:17:35 PM
Last updated: 7/14/2025, 9:17:35 PM
Views: 12
Related Threats
CVE-2025-7735: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in UNIMAX Hospital Information System
HighCVE-2025-7712: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MangaBooth Madara - Core
CriticalCVE-2025-7729: Cross Site Scripting in Scada-LTS
MediumCVE-2025-5396: CWE-94 Improper Control of Generation of Code ('Code Injection') in Bearsthemes Bears Backup
CriticalCVE-2025-7728: Cross Site Scripting in Scada-LTS
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.