CVE-2025-23073

low-risk

Published 2025-01-14

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.5/10 Low

NETWORK / LOW complexity

References (2)

https://gerrit.wikimedia.org/r/q/I2a2d32aedf6328be0a9f1b4e04a6567a25f19486

https://phabricator.wikimedia.org/T377855

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal