How to fix CVE-2025-6926?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Audit authentication configurations and rotate any potentially compromised credentials.

Is Ubuntu affected by CVE-2025-6926?

CVE-2025-6926 presents significant security risk, a improper authentication vulnerability rated CVSS 8.8. Attackers could bypass security controls to gain unauthorized access to protected resources and sensitive data.

CVE-2025-6926

EUVD-2025-19884 HIGH

2025-07-03 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 16, 2026 - 02:12 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 02:12 euvd

EUVD-2025-19884

CVE Published

Jul 03, 2025 - 17:15 nvd

HIGH 8.8

Description

Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows : Bypass Authentication.This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Analysis

Technical Context

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

Affected Products

Affected: Wikimedia Foundation Mediawiki - CentralAuth Extension

Remediation

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

Vendor Status

Ubuntu

Priority: Medium

mediawiki

Release	Status	Version
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	released	1:1.43.3+dfsg-1
plucky	ignored	end of life, was needs-triage
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

mediawiki

Release	Status	Fixed Version	Urgency
bullseye	fixed	1:1.35.13-1+deb11u4	-
bullseye (security)	fixed	1:1.35.13-1+deb11u6	-
bookworm, bookworm (security)	fixed	1:1.39.17-1~deb12u1	-
trixie (security), trixie	fixed	1:1.43.6+dfsg-1~deb13u1	-
forky, sid	fixed	1:1.43.6+dfsg-2	-
bookworm	fixed	1:1.39.13-1~deb12u1	-
(unstable)	fixed	1:1.43.3+dfsg-1	-

DLA-4249-1 DSA-5957-1

CVE-2025-6926 vulnerability details – vuln.today

Back

CVE-2025-6926

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-6926

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code