CVE-2025-62661: CWE-276 Incorrect Default Permissions in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension: from 1.43 before 1.44.
AI Analysis
Technical Summary
CVE-2025-62661 identifies an incorrect default permissions vulnerability (CWE-276) in the Wikimedia Foundation's Mediawiki Thanks Extension and Growth Experiments Extension, affecting versions from 1.43 before 1.44. The vulnerability allows unauthorized users to access functionality that should be restricted by ACLs, due to improper default permission settings. This flaw can be exploited remotely over the network without requiring authentication or user interaction, increasing the attack surface. The CVSS 4.0 base score is 6.9 (medium), reflecting the ease of exploitation and moderate impact on confidentiality, integrity, and availability. The vulnerability could allow attackers to perform unauthorized actions or access sensitive features within Mediawiki installations using these extensions, potentially leading to information disclosure or manipulation of wiki content or experiments. No public exploits are known at this time, but the issue is significant for organizations relying on Mediawiki for collaborative knowledge management. The vulnerability affects only specific extensions and versions, with a patch expected in version 1.44 or later. The Wikimedia Foundation assigned and published the CVE promptly after discovery, indicating active maintenance and response.
Potential Impact
For European organizations utilizing Mediawiki with the Thanks and Growth Experiments extensions, this vulnerability poses a risk of unauthorized access to restricted functionality, which could lead to partial data exposure or unauthorized content modifications. This is particularly relevant for public institutions, educational bodies, and enterprises that use Mediawiki for documentation and collaboration. The potential impact includes undermining data integrity and confidentiality, as attackers could exploit the incorrect ACL enforcement to manipulate or view sensitive information. Availability impact is limited but possible if unauthorized actions disrupt normal operations. The medium severity suggests that while the threat is not critical, it could facilitate further attacks or data breaches if left unmitigated. Organizations with public-facing Mediawiki instances are at higher risk due to the network attack vector and lack of authentication requirements. The absence of known exploits reduces immediate urgency but does not eliminate the risk of future exploitation.
Mitigation Recommendations
1. Upgrade affected Mediawiki extensions to version 1.44 or later as soon as the patch is released by the Wikimedia Foundation.
2. In the interim, review and tighten ACL configurations for the Thanks and Growth Experiments extensions to ensure that only authorized users have access to sensitive functionality.
3. Conduct an audit of Mediawiki user roles and permissions to detect and remediate any overly permissive settings.
4. Monitor Mediawiki logs for unusual access patterns or unauthorized attempts to use restricted features.
5. Restrict network access to Mediawiki instances where feasible, using firewalls or VPNs, to limit exposure to untrusted networks.
6. Stay informed on updates from the Wikimedia Foundation regarding this vulnerability and any emerging exploit reports.
7. Consider disabling the affected extensions temporarily if patching or configuration changes are not immediately possible, balancing functionality needs against security risks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: wikimedia-foundation
- Date Reserved: 2025-10-17T22:01:52.602Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68f7e40601721c03c6e7330b
Added to database: 10/21/2025, 7:50:30 PM
Last enriched: 10/21/2025, 7:50:56 PM
Last updated: 10/23/2025, 8:10:46 PM
Related Threats
- CVE-2025-54966: n/a (Unknown)
- CVE-2025-54964: n/a (Unknown)
- CVE-2025-58428: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Veeder-Root TLS4B Automatic Tank Gauge System (Critical)
- CVE-2025-62236: CWE-204 Observable Response Discrepancy in Frontier Airlines flyfrontier.com (Medium)
- CVE-2025-55067: CWE-190 Integer Overflow or Wraparound in Veeder-Root TLS4B Automatic Tank Gauge System (High)