What is the CVSS score of CVE-2025-53371?

CVE-2025-53371 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H. EPSS exploitation probability: 0.1%.

Which versions of Mediawiki are affected by CVE-2025-53371?

CVE-2025-53371 is a critical denial-of-service vulnerability in DiscordNotifications (CVSS 9.1) that enables attackers to disrupt notification services through malicious requests, potentially…. A patch is available.

How to fix or mitigate CVE-2025-53371?

Within 24 hours: Identify all instances of DiscordNotifications in use and document versions currently deployed. Within 7 days: Apply vendor-released patch to all affected DiscordNotifications deployments and verify successful installation. Within 30 days: Conduct post-patch validation testing to confirm notification functionality and implement monitoring for anomalous request patterns to the DiscordNotifications service.

Mediawiki CVE-2025-53371

EUVD-2025-21013 CRITICAL

Uncontrolled Resource Consumption (CWE-400)

2025-07-10 security-advisories@github.com

SSRF Denial Of Service Mediawiki PHP RCE

9.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 05:51 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

1f20d850cbcce5b15951c7c6127b87b927a5415e

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21013

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

CVE Published

Jul 10, 2025 - 18:15 nvd

CRITICAL 9.1

DescriptionGitHub Advisory

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.

AnalysisAI

A denial of service vulnerability in DiscordNotifications (CVSS 9.1) that allows sending requests. Critical severity with potential for significant impact on affected systems.

Technical ContextAI

CWE-400 (Uncontrolled Resource Consumption). CVSS 9.1 indicates critical severity with likely remote exploitation vector. Affects DiscordNotifications.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-53371 vulnerability details – vuln.today

Back