CVE-2025-67476
📋 TL;DR
This vulnerability in MediaWiki's ImportableOldRevisionImporter.php allows attackers to potentially execute unauthorized actions during content imports. It affects all MediaWiki installations running vulnerable versions, particularly those using import functionality. The exact nature isn't publicly detailed but involves improper handling of imported content.
💻 Affected Systems
- MediaWiki
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution or privilege escalation through malicious import data
Likely Case
Unauthorized content modification or data manipulation during imports
If Mitigated
Limited impact if import functionality is disabled or restricted
🎯 Exploit Status
Requires import access; details limited in public disclosure
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.44.3 or 1.45.1
Vendor Advisory: https://phabricator.wikimedia.org/T405859
Restart Required: No
Instructions:
1. Back up your MediaWiki installation.
2. Update MediaWiki to version 1.44.3 or 1.45.1.
3. Verify the update completed successfully.
🔧 Temporary Workarounds
Disable Import Functionality
Temporarily disable the Special:Import page to prevent exploitation
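Add to LocalSettings.php: $wgGroupPermissions['*']['import'] = false;
Add to LocalSettings.php: $wgGroupPermissions['user']['import'] = false;
These two settings cover only the '*' (everyone) and 'user' (logged-in) groups. A group that is granted the import right elsewhere, such as sysop in MediaWiki's default configuration, keeps it until its own entry is set to false as well.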
🧯 If You Can't Patch
- Restrict import permissions to trusted administrators only
- Monitor import logs for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check MediaWiki version in includes/DefaultSettings.php or via Special:Version
Check Version:
grep 'wgVersion' includes/DefaultSettings.php
Verify Fix Applied:
Confirm version is 1.44.3 or 1.45.1 via Special:Version
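A scripted form of the version check above, as an added example that is not part of the original advisory. The function name `mw_import_fix_status` and the sample version strings are constructed, and it assumes later patch releases on the 1.44 and 1.45 branches also carry the fix; branches the page does not list are reported as unknown.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a MediaWiki version string
# against the fixed releases this page lists (1.44.3 and 1.45.1).
# Assumptions: input looks like "1.44.2", "1.45.1-rc.1" or "1.44.3 (abc1234)";
# later patch releases on a listed branch also carry the fix.
# Prints: fixed | vulnerable | unknown (branch not covered by this page).

mw_import_fix_status() (
    # Trim leading blanks and drop anything after the version token.
    v=$(printf '%s\n' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]].*$//')

    # Accept only MAJOR.MINOR.PATCH with an optional pre-release suffix.
    if ! printf '%s\n' "$v" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$'; then
        echo unknown
        exit 0                    # leaves only this function's subshell
    fi

    core=${v%%-*}                 # "1.45.1-rc.1" -> "1.45.1"
    branch=${core%.*}             # "1.45"
    patch=${core##*.}             # "1"
    patch=$(printf '%s' "$patch" | sed 's/^0*\([0-9]\)/\1/')  # strip leading zeros

    # Fixed patch level per branch, taken from the "Official Fix" entry.
    case "$branch" in
        1.44) fixed=3 ;;
        1.45) fixed=1 ;;
        *)    echo unknown; exit 0 ;;
    esac

    if [ "$patch" -gt "$fixed" ]; then
        echo fixed
    elif [ "$patch" -eq "$fixed" ] && [ "$core" = "$v" ]; then
        echo fixed                # exact release, not a pre-release of it
    else
        echo vulnerable           # older patch level, or rc/beta of the fix
    fi
)

# Constructed sample inputs, as they might be copied from Special:Version.
for sample in "1.44.2" "1.44.3" "1.45.0" "1.45.1-rc.1" "1.45.1 (abc1234)" "1.43.5"; do
    printf '%-18s %s\n' "$sample" "$(mw_import_fix_status "$sample")"
done
```

For a result of unknown, consult the vendor advisory linked above for that branch.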
📡 Detection & Monitoring
Log Indicators:
- Unusual import activity from unexpected users
- Failed import attempts with malformed data
Network Indicators:
- HTTP requests to Special:Import with suspicious parameters
SIEM Query:
source="mediawiki.log" AND "Special:Import" AND (status="failed" OR user!="trusted_user")