ByteOS Network

Vulnerability Details :

CVE-2025-32075

Assigner Org ID-c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Published At-11 Apr, 2025 | 16:21

Updated At-11 Apr, 2025 | 17:34

IP and user agent leaks in Extension:Tabs

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection.This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:wikimedia-foundation

Assigner Org ID:c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Published At:11 Apr, 2025 | 16:21

Updated At:11 Apr, 2025 | 17:34

▼CVE Numbering Authority (CNA)

IP and user agent leaks in Extension:Tabs

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection.This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43.

Affected Products

Vendor

Wikimedia Foundation

Product

Mediawiki - Tabs Extension

Default Status

unaffected

Versions

Affected

From 1.39 through 1.43 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-20	CWE-20 Improper Input Validation

Type: CWE

CWE ID: CWE-20

Description: CWE-20 Improper Input Validation

Metrics

Version	Base score	Base severity	Vector
4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Impacts

CAPEC ID	Description
CAPEC-242	CAPEC-242 Code Injection

CAPEC ID: CAPEC-242

Description: CAPEC-242 Code Injection

Credits

finder

BlankEclair

References

Hyperlink	Resource
https://phabricator.wikimedia.org/T386887	N/A
https://gerrit.wikimedia.org/r/q/I03bec9528ee3ed05f35187458cde4e2fc4b51092	N/A

Hyperlink: https://phabricator.wikimedia.org/T386887

Resource: N/A

Hyperlink: https://gerrit.wikimedia.org/r/q/I03bec9528ee3ed05f35187458cde4e2fc4b51092

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://phabricator.wikimedia.org/T386887	exploit

Hyperlink: https://phabricator.wikimedia.org/T386887

Resource:

exploit

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Published At:11 Apr, 2025 | 17:15

Updated At:15 Apr, 2025 | 18:39

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Tabs Extension allows Code Injection.This issue affects Mediawiki - Tabs Extension: from 1.39 through 1.43.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-20	Secondary	c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

CWE ID: CWE-20

Type: Secondary

Source: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

References

Hyperlink	Source	Resource
https://gerrit.wikimedia.org/r/q/I03bec9528ee3ed05f35187458cde4e2fc4b51092	c4f26cc8-17ff-4c99-b5e2-38fc1793eacc	N/A
https://phabricator.wikimedia.org/T386887	c4f26cc8-17ff-4c99-b5e2-38fc1793eacc	N/A
https://phabricator.wikimedia.org/T386887	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: https://gerrit.wikimedia.org/r/q/I03bec9528ee3ed05f35187458cde4e2fc4b51092

Source: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Resource: N/A

Hyperlink: https://phabricator.wikimedia.org/T386887

Source: c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Resource: N/A

Hyperlink: https://phabricator.wikimedia.org/T386887

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

Similar CVEs

11Records found

CVE-2025-32076

Matching Score-10

CVE-2025-32075

Credits

IP and user agent leaks in Extension:Tabs

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs