Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vaaj-f4v8-qbhj

Summary Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.

Aliases

alias	CVE-2025-11175

Fixed_packages

url	pkg:deb/debian/mediawiki@0?distro=trixie
purl	pkg:deb/debian/mediawiki@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@0%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7831-8u7z-6fep

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.5%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.5%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-buwp-69zb-93hs

vulnerability	VCID-cbtm-g4t5-u3am

vulnerability	VCID-d5vz-puw9-t7er

vulnerability	VCID-kw32-af5a-hqg8

vulnerability	VCID-q7k6-59z5-d7a7

vulnerability	VCID-wktm-ya6k-v7dv

vulnerability	VCID-x8t7-agtn-zudu

vulnerability	VCID-xdct-ca96-3uat

vulnerability	VCID-zmax-894d-5kfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.6%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.6%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kw32-af5a-hqg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11175

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02093
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.021
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02095
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02324
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02313
published_at	2026-04-18T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02307
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02322
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.0236
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02337
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02411
published_at	2026-04-21T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02393
published_at	2026-04-24T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02338
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11175

reference_url

https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d

reference_id

I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:28:31Z/

url

https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d

reference_url

https://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7

reference_id

I563219f3298a8740e158d130492bf3d2897784d7

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:28:31Z/

url

https://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7

reference_url

https://phabricator.wikimedia.org/T364910

reference_id

T364910

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:28:31Z/

url

https://phabricator.wikimedia.org/T364910

reference_url

https://phabricator.wikimedia.org/T396248

reference_id

T396248

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-30T19:28:31Z/

url

https://phabricator.wikimedia.org/T396248

Weaknesses

cwe_id	917
name	Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
description	The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.

Exploits

Severity_range_score 8.8 - 8.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vaaj-f4v8-qbhj

Vulnerability Instance