Unrated severityNVD Advisory· Published Apr 22, 2025· Updated Apr 22, 2025
ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions
CVE-2025-32964
Description
ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in $wgManageWikiExtensions also require the same permissions for managing any conflicting extensions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- miraheze/ManageWikiv5Range: < 00bebea
Patches
Vulnerability mechanics
References
2- github.com/miraheze/ManageWiki/commit/00bebea43a3e3ff0157b5f04df17c1d1e88a9acdmitrex_refsource_MISC
- github.com/miraheze/ManageWiki/security/advisories/GHSA-ccrf-x5rp-gpprmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.