Alerts This Week
Warning Icon 1 941
Alerts This Week
Warning Icon 1 941

Mageia 9: MediaWiki Critical XSS Denial of Service Fix MGASA-2025-0260

mageia
Calendar Grey November 5, 2025
Dist Mageia Esm H88
Security advisory for Mageia mediawiki package addresses multiple critical vulnerabilities. Immediate updates recommended.
MGASA-2025-0260 - Updated mediawiki packages fix security vulnerabilities

Summary

Description: i18n XSS vulnerability in HTMLMultiSelectField when sections are used. (CVE-2025-3469) "reupload-own" restriction can be bypassed by reverting file. (CVE-2025-32696) Cascading protection is not preventing file reversions. (CVE-2025-32697) LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions. (CVE-2025-32698) Potential javascript injection attack enabled by Unicode normalization in Action API. (CVE-2025-32699) AbuseFilter log interfaces expose global private and hidden filters when central DB is not available. (CVE-2025-32700) HTML injection in feed output from i18n message. (CVE-2025-32072) OATHAuth extension: Reauthentication for enabling 2FA can be bypassed by submitting a form in Special:OATHManage. (CVE-2025-11173) Stored i18n Cross-site scripting (XSS) vulnerability in mw.language.listToText. (CVE-2025-11261) ConfirmEdit extension: Missing rate limiting in ApiFancyCaptchaReload. (CVE-2025-61635) Parsoid: Validation bypass f...

References

- https://bugs.mageia.org/show_bug.cgi?id=34211

- https://lists.debian.org/debian-security-announce/2025/msg00063.html

- https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/CIXFJVC57OFRBCCEIDRLZCLFGMYGEYTT/

- https://lists.debian.org/debian-security-announce/2025/msg00121.html

- https://lists.debian.org/debian-lts-announce/2025/10/msg00034.html

- https://www.cve.org/CVERecord?id=CVE-2025-3469

- https://www.cve.org/CVERecord?id=CVE-2025-32696

- https://www.cve.org/CVERecord?id=CVE-2025-32697

- https://www.cve.org/CVERecord?id=CVE-2025-32698

- https://www.cve.org/CVERecord?id=CVE-2025-32699

- https://www.cve.org/CVERecord?id=CVE-2025-32700

- https://www.cve.org/CVERecord?id=CVE-2025-32072

- https://www.cve.org/CVERecord?id=CVE-2025-11173

- https://www.cve.org/CVERecord?id=CVE-2025-11261

- https://www.cve.org/CVERecord?id=CVE-2025-61635

- https://www.cve.org/CVERecord?id=CVE-2025-61638

- https://www.cve.org/CVERecord?id=CVE-2025-61639

- https://www.cve.org/CVERecord?id=CVE-2025-61640

- https://www.cve.org/CVERecord?id=CVE-2025-61641

- https://www.cve.org/CVERecord?id=CVE-2025-61643

- https://www.cve.org/CVERecord?id=CVE-2025-61646

- https://www.cve.org/CVERecord?id=CVE-2025-61653

Topics%20covered

Topics Covered

security advisory denial of service critical XSS mediawiki Mageia

Resolution

SRPMS

- 9/core/mediawiki-1.35.14-1.1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 05 Nov 2025
URL: https://advisories.mageia.org/MGASA-2025-0260.html
Type: security
CVE: CVE-2025-3469, CVE-2025-32696, CVE-2025-32697, CVE-2025-32698, CVE-2025-32699, CVE-2025-32700, CVE-2025-32072, CVE-2025-11173, CVE-2025-11261, CVE-2025-61635, CVE-2025-61638, CVE-2025-61639, CVE-2025-61640, CVE-2025-61641, CVE-2025-61643, CVE-2025-61646, CVE-2025-61653

Topics%20covered

Topics Covered

security advisory denial of service critical XSS mediawiki Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here