CVE-2025-53485: CWE-862 Missing Authorization in Wikimedia Foundation Mediawiki - SecurePoll extension
SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
AI Analysis
Technical Summary
CVE-2025-53485 is a security vulnerability identified in the SecurePoll extension of the Wikimedia Foundation's MediaWiki software. The vulnerability is classified under CWE-862, which refers to missing authorization. Specifically, the issue arises in the SetTranslationHandler.php component, where the system fails to verify whether the user attempting to modify election-related translation text holds the necessary election administrator privileges. This flaw allows any user, including unauthenticated users, to alter translation content related to elections. Although newer versions of MediaWiki have partially addressed this issue, the authorization check remains incomplete in affected versions. The vulnerability impacts MediaWiki SecurePoll extension versions 1.39.x prior to 1.39.13, 1.42.x prior to 1.42.7, and 1.43.x prior to 1.43.2. No public exploits are currently known, and no CVSS score has been assigned yet. The vulnerability's root cause is the absence of proper authorization validation, enabling unauthorized modification of sensitive election-related data, which could undermine the integrity and trustworthiness of election processes managed through this extension.
Potential Impact
For European organizations, particularly those involved in governance, public administration, or any entities utilizing MediaWiki with the SecurePoll extension for election or polling purposes, this vulnerability poses a significant risk. Unauthorized modification of election-related translation texts can lead to misinformation, manipulation of election content, and erosion of public trust in digital election tools. This could affect the confidentiality and integrity of election data, potentially influencing voter perception or behavior. Additionally, since the vulnerability allows unauthenticated users to make changes, it broadens the attack surface, increasing the likelihood of exploitation by malicious actors. The impact extends beyond technical compromise to reputational damage and challenges to democratic processes, especially in countries where digital election tools are integrated into official workflows or public information dissemination.
Mitigation Recommendations
To mitigate this vulnerability, organizations should promptly upgrade the SecurePoll extension to the latest patched versions: 1.39.13 or later for the 1.39.x branch, 1.42.7 or later for the 1.42.x branch, and 1.43.2 or later for the 1.43.x branch. If immediate upgrading is not feasible, implement strict access controls at the web server or application firewall level to restrict access to the SetTranslationHandler.php endpoint only to trusted election administrators. Additionally, conduct thorough audits of election-related translation changes to detect unauthorized modifications. Employ monitoring and alerting mechanisms for unusual activity related to translation updates. Organizations should also review and harden their MediaWiki configurations to enforce robust authentication and authorization policies, ensuring that only authorized personnel can perform sensitive operations. Finally, consider isolating election-related MediaWiki instances from public access or deploying additional verification steps for translation changes to prevent unauthorized edits.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
CVE-2025-53485: CWE-862 Missing Authorization in Wikimedia Foundation Mediawiki - SecurePoll extension
Description
SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
AI-Powered Analysis
Technical Analysis
CVE-2025-53485 is a security vulnerability identified in the SecurePoll extension of the Wikimedia Foundation's MediaWiki software. The vulnerability is classified under CWE-862, which refers to missing authorization. Specifically, the issue arises in the SetTranslationHandler.php component, where the system fails to verify whether the user attempting to modify election-related translation text holds the necessary election administrator privileges. This flaw allows any user, including unauthenticated users, to alter translation content related to elections. Although newer versions of MediaWiki have partially addressed this issue, the authorization check remains incomplete in affected versions. The vulnerability impacts MediaWiki SecurePoll extension versions 1.39.x prior to 1.39.13, 1.42.x prior to 1.42.7, and 1.43.x prior to 1.43.2. No public exploits are currently known, and no CVSS score has been assigned yet. The vulnerability's root cause is the absence of proper authorization validation, enabling unauthorized modification of sensitive election-related data, which could undermine the integrity and trustworthiness of election processes managed through this extension.
Potential Impact
For European organizations, particularly those involved in governance, public administration, or any entities utilizing MediaWiki with the SecurePoll extension for election or polling purposes, this vulnerability poses a significant risk. Unauthorized modification of election-related translation texts can lead to misinformation, manipulation of election content, and erosion of public trust in digital election tools. This could affect the confidentiality and integrity of election data, potentially influencing voter perception or behavior. Additionally, since the vulnerability allows unauthenticated users to make changes, it broadens the attack surface, increasing the likelihood of exploitation by malicious actors. The impact extends beyond technical compromise to reputational damage and challenges to democratic processes, especially in countries where digital election tools are integrated into official workflows or public information dissemination.
Mitigation Recommendations
To mitigate this vulnerability, organizations should promptly upgrade the SecurePoll extension to the latest patched versions: 1.39.13 or later for the 1.39.x branch, 1.42.7 or later for the 1.42.x branch, and 1.43.2 or later for the 1.43.x branch. If immediate upgrading is not feasible, implement strict access controls at the web server or application firewall level to restrict access to the SetTranslationHandler.php endpoint only to trusted election administrators. Additionally, conduct thorough audits of election-related translation changes to detect unauthorized modifications. Employ monitoring and alerting mechanisms for unusual activity related to translation updates. Organizations should also review and harden their MediaWiki configurations to enforce robust authentication and authorization policies, ensuring that only authorized personnel can perform sensitive operations. Finally, consider isolating election-related MediaWiki instances from public access or deploying additional verification steps for translation changes to prevent unauthorized edits.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- wikimedia-foundation
- Date Reserved
- 2025-06-30T15:20:44.462Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 686815556f40f0eb72a1e957
Added to database: 7/4/2025, 5:54:29 PM
Last enriched: 7/4/2025, 6:09:30 PM
Last updated: 7/4/2025, 6:09:30 PM
Views: 2
Related Threats
CVE-2025-7067: Heap-based Buffer Overflow in HDF5
MediumCVE-2025-53483: CWE-352 Cross-Site Request Forgery (CSRF) in Wikimedia Foundation Mediawiki - SecurePoll extension
HighCVE-2025-53484: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Wikimedia Foundation Mediawiki - SecurePoll extension
HighCVE-2025-53482: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Wikimedia Foundation Mediawiki - IPInfo Extension
HighCVE-2025-53481: CWE-400 Uncontrolled Resource Consumption in Wikimedia Foundation Mediawiki - IPInfo Extension
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.