CVE-2025-61641 is a directory traversal vulnerability identified in the MediaWiki software maintained by the Wikimedia Foundation. The issue resides in the includes/api/ApiQueryAllPages.php file, which is part of the API handling code responsible for querying all pages. The vulnerability allows an attacker to manipulate file path inputs to access files outside the intended directory scope, violating the principle of restricted pathname limitation (CWE-22). This can lead to unauthorized reading of files on the server, potentially exposing sensitive information. The vulnerability affects all MediaWiki versions prior to 1.39.14, 1.43.4, and 1.44.1, indicating multiple branches of the software are impacted. The CVSS 4.0 base score is 1.7, reflecting low severity due to the limited impact and lack of authentication or user interaction requirements. The attack vector is network-based with low complexity, but the vulnerability only results in limited information disclosure without integrity or availability impact. No known exploits have been reported in the wild, and no official patches have been linked yet, though it is expected that Wikimedia Foundation will release fixes. The vulnerability's presence in a widely used wiki platform necessitates attention, especially for organizations hosting public or private MediaWiki instances.

The primary impact of CVE-2025-61641 is limited unauthorized disclosure of information due to directory traversal. While it does not allow modification or deletion of files, the ability to read unintended files could expose configuration files, credentials, or other sensitive data stored on the server. For organizations relying on MediaWiki for internal knowledge bases or public documentation, this could lead to leakage of proprietary or sensitive information. The vulnerability's low CVSS score and lack of known exploits reduce immediate risk, but attackers could potentially chain this with other vulnerabilities for greater impact. The threat is more significant for organizations with lax network segmentation or those exposing MediaWiki APIs to the internet without adequate access controls. Overall, the impact is low but non-negligible, warranting timely remediation to maintain confidentiality and trust.

Organizations should prioritize upgrading MediaWiki installations to versions 1.39.14, 1.43.4, or 1.44.1 or later once patches are officially released by the Wikimedia Foundation. Until patches are available, administrators should restrict access to the API endpoints, especially includes/api/ApiQueryAllPages.php, using network-level controls such as firewalls or web application firewalls (WAFs) to limit exposure. Implement strict input validation and sanitization on any custom extensions or integrations interacting with MediaWiki APIs. Monitor logs for unusual access patterns targeting the vulnerable API. Employ the principle of least privilege on the server to minimize the impact of unauthorized file access. Regularly audit MediaWiki configurations and file permissions to ensure sensitive files are not accessible by the web server user. Finally, maintain an incident response plan to quickly address any exploitation attempts.