PT-2025-17560 · Mediawiki · Managewiki
Universal-Omega · Published 2025-04-22 · Updated 2025-04-22 · CVE-2025-32964
CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
ManageWiki (affected versions not specified)
Description
The issue concerns the ManageWiki MediaWiki extension, which allows users to manage wikis. Prior to commit 00bebea, enabling a conflicting extension automatically disabled a restricted extension, even if the user did not have the necessary ManageWiki-restricted right.
Recommendations
For versions prior to commit 00bebea, ensure that any extensions requiring specific permissions in $wgManageWikiExtensions also require the same permissions for managing any conflicting extensions.
At the moment, there is no information about a newer version that contains a fix for this vulnerability, but it has been patched in commit 00bebea.
Exploit · Fix · LPE · Improper Authorization
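An added example, not code from ManageWiki or from this advisory: a PHP check for the recommendation above that walks a `$wgManageWikiExtensions`-style array and reports conflict pairs where one side requires a right the other does not. The extension keys and `var` names are constructed, and the `conflicts` / `requires` => `permissions` layout and the `managewiki-restricted` right name are assumptions about the configuration format.

```php
<?php
// Constructed sample config; keys and 'var' names are hypothetical.
// Assumed layout: 'conflicts' names another key, 'requires' => 'permissions' lists rights.
$sampleExtensions = [
	'examplerestricted' => [
		'name' => 'ExampleRestricted',
		'var' => 'wmgUseExampleRestricted',
		'conflicts' => 'exampleopen',
		'requires' => [ 'permissions' => [ 'managewiki-restricted' ] ],
	],
	'exampleopen' => [
		'name' => 'ExampleOpen',
		'var' => 'wmgUseExampleOpen',
		'conflicts' => 'examplerestricted',
		'requires' => [], // weak: no right needed, yet it conflicts with a restricted extension
	],
];

/** List [guarded, peer, missing rights] for conflict pairs with unequal permissions. */
function findUnguardedConflicts( array $extensions ): array {
	$perms = static fn ( array $def ): array => $def['requires']['permissions'] ?? [];
	$findings = [];
	foreach ( $extensions as $key => $def ) {
		// 'conflicts' may be false (none); accept a string or a list of keys.
		$conflicts = array_filter( (array)( $def['conflicts'] ?? [] ), 'is_string' );
		foreach ( $conflicts as $other ) {
			if ( !isset( $extensions[$other] ) ) {
				continue; // conflict names an extension that is not configured
			}
			// Assumption: treat a conflict as symmetric and compare both directions.
			foreach ( [ [ $key, $other ], [ $other, $key ] ] as [ $guarded, $peer ] ) {
				$missing = array_diff( $perms( $extensions[$guarded] ), $perms( $extensions[$peer] ) );
				if ( $missing ) {
					// Keyed by pair so a conflict declared on both sides is reported once.
					$findings["$guarded|$peer"] = [ $guarded, $peer, array_values( $missing ) ];
				}
			}
		}
	}
	return array_values( $findings );
}

foreach ( findUnguardedConflicts( $sampleExtensions ) as [ $guarded, $peer, $missing ] ) {
	printf( "%s requires [%s] but conflicting extension %s does not\n",
		$guarded, implode( ', ', $missing ), $peer );
}
```

To apply the recommendation to a reported pair, add the missing right to the peer's `requires` => `permissions` list so both entries demand the same permission. Pass the real `$wgManageWikiExtensions` array in place of the sample to audit a live configuration.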
Affected Products
Managewiki