Unknown · Lockdown Extension · CVE-2025-12004
**Name of the Vulnerable Software and Affected Versions**
Mediawiki - Lockdown Extension versions prior to 1.42
**Description**
The Mediawiki Lockdown Extension contains a flaw related to incorrect permission assignment for critical resources, which allows for privilege abuse. The issue resides in the compare API module and enables attackers to bypass permissions, potentially leading to complete privilege escalation without authentication. The problem is fixed in the Mediawiki Core Action API.
**Recommendations**
Upgrade to version 1.42 or later to resolve this vulnerability.