VYPR
← All advisories
Medium severity4.3NVD Advisory· Published Feb 3, 2026· Updated Apr 14, 2026

CVE-2025-67476

CVE-2025-67476

Description

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php.

This issue affects MediaWiki: from * before 1.44.3, 1.45.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A vulnerability in MediaWiki's ImportableOldRevisionImporter.php affects versions before 1.44.3 and 1.45.1, allowing potential unauthorized actions during revision imports.

Vulnerability

Details The vulnerability resides in the ImportableOldRevisionImporter.php file within the MediaWiki import system. According to the advisory, it affects all MediaWiki versions prior to 1.44.3 and 1.45.1. The specific bug has not been publicly disclosed, but it is tracked in the Wikimedia Phabricator instance as T405859 [1].

Exploitation

The import functionality handles the ingestion of old revisions during wiki imports. An attacker with the ability to initiate imports or with access to crafted import files could potentially exploit this vulnerability. No authentication requirements or network position are specified, but given the medium CVSS score of 4.3, the attack complexity is likely low.

Impact

The impact of exploitation is not fully detailed. Based on the severity rating, it may lead to integrity violations or limited information disclosure. The MediaWiki security team has classified it as a medium-severity issue.

Mitigation

Administrators are advised to upgrade to MediaWiki 1.44.3 or 1.45.1, which contain the fix. No workarounds have been published. As of the publication date, this CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References
  1. Log In or Register with LDAP

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • MediaWiki/Mediawiki2 versions
    cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*range: >=1.44.0,<1.44.3
    • cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*
  • Wikimedia Foundation/Mediawikillm-fuzzy
    Range: >= 1.44.0, < 1.44.3; >= 1.45.0, < 1.45.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.