
Debian 11 MediaWiki Important Security Advisory DLA-4249-1 CVE-2025-3469

debian lts
July 23, 2025
Multiple vulnerabilities in MediaWiki could lead to information disclosure or privilege escalation; prompt updates are advised.
Multiple security vulnerabilities were found in mediawiki, a website engine for collaborative work, that could lead to information disclosure or privilege escalation.

Summary

CVE-2025-3469

User input was not properly sanitized during web page generation,
which could lead to information disclosure or privilege escalation
via Cross-site Scripting.

CVE-2025-6590

User input was not sanitized in the password reset form, which could lead
to information disclosure for private pages via transclusion.

CVE-2025-6591

HTML injection in API `action=feedcontributions` output from i18n
messages.

CVE-2025-6593

"{{SITENAME}} registered email address has been changed" email was
sent to unverified email addresses, which could lead to information
disclosure.

CVE-2025-6594

XSS in Special:ApiSandbox. While the known issue is not exploitable
in ≤1.39, the backported changes provide some security hardening
just in case.

CVE-2025-6595

Stored XSS through system messages in MultimediaViewer.

CVE-2025-6597

Autocreation was treated as login for the purposes of security
reauthentication. However it doesn't necessarily involve real-time

Severity: important

Package: mediawiki
Version: 1:1.35.13-1+deb11u4
CVE ID: CVE-2025-3469 CVE-2025-6590 CVE-2025-6591 CVE-2025-6593
