{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "1.39.X" }, { "fixed": "1.39.12" }, { "introduced": "1.42.X" }, { "fixed": "1.42.7" }, { "introduced": "1.43.X" }, { "fixed": "1.43.2" } ] }, "events": [ { "introduced": "c95fc4786beba034fa643062b98a60ccbde831fd" }, { "fixed": "78458ed106076061322977f86f5140d468de63a3" }, { "introduced": "d0ef88eba424fded5735954d79bfd57fab53d981" }, { "fixed": "30d9707511274f256db07dc71010ae0bc6e33d28" }, { "introduced": "8216997ffcc956a610635f07044fb9a3b5dda9d9" }, { "fixed": "0af28b77ee97ff26c62ce647bb12963adde19d22" } ], "repo": "https://github.com/wikimedia/mediawiki", "type": "GIT" } ] } ], "details": "Improper Access Control vulnerability in Wikimedia Foundation Mediawiki - Scribunto Extension allows : Accessing Functionality Not Properly Constrained by Authorization.This issue affects Mediawiki - Scribunto Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.", "id": "CVE-2025-53501", "modified": "2026-03-13T13:46:57.488341846Z", "published": "2025-07-03T17:15:40.127Z", "references": [ { "type": "FIX", "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/1164541" }, { "type": "FIX", "url": "https://phabricator.wikimedia.org/T397524" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }