Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Analysis
Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Technical ContextAI
An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).
RemediationAI
Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | released | 1:1.43.3+dfsg-1 |
| plucky | ignored | end of life, was needs-triage |
| oracular | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1:1.35.13-1+deb11u4 | - |
| bullseye (security) | fixed | 1:1.35.13-1+deb11u6 | - |
| bookworm, bookworm (security) | fixed | 1:1.39.17-1~deb12u1 | - |
| trixie (security), trixie | fixed | 1:1.43.6+dfsg-1~deb13u1 | - |
| forky, sid | fixed | 1:1.43.6+dfsg-2 | - |
| bookworm | fixed | 1:1.39.13-1~deb12u1 | - |
| (unstable) | fixed | 1:1.43.3+dfsg-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19884