High severity8.0NVD Advisory· Published Apr 21, 2025· Updated Jun 17, 2026
CVE-2025-32956
CVE-2025-32956
Description
ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8, are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection payload. This issue has been patched in commit f504ed8. A workaround for this vulnerability involves setting $wgManageWiki['namespaces'] = false;.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <f504ed8
- miraheze/ManageWikiv5Range: < f504ed8
Patches
Vulnerability mechanics
References
4- github.com/miraheze/ManageWiki/commit/f504ed8eeb59b57ebb90f93cd44f23da4c5bc4c9nvdPatch
- www.vicarius.io/vsociety/posts/cve-2025-32956-detect-mediawiki-vulnerabilitynvdExploitThird Party Advisory
- www.vicarius.io/vsociety/posts/cve-2025-32956-mitigate-mediawiki-vulnerabilitynvdExploitMitigationThird Party Advisory
- github.com/miraheze/ManageWiki/security/advisories/GHSA-gg42-cv66-f5x7nvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.