PT-2025-42930 · Unknown · Mediawiki - Tabs Extension+1
Dom_Walden
+1
·
Published
2025-10-21
·
Updated
2025-10-21
·
CVE-2025-62661
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension versions 1.43 through 1.43.99
Description
A flaw exists in the Mediawiki - Thanks Extension and Mediawiki - Growth Experiments Extension where default permissions are improperly configured, leading to access of functionality that is not adequately restricted by Access Control Lists (ACLs).
Recommendations
Update to version 1.44 or later.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Growthexperiments Extension For Mediawiki
Mediawiki - Tabs Extension