Search for vulnerabilities
Vulnerability details: VCID-zh3t-wu8f-73b5
Vulnerability ID VCID-zh3t-wu8f-73b5
Aliases CVE-2025-32697
Summary Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-281 Improper Preservation of Permissions
System Score Found at
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32697
cvssv4 0 https://phabricator.wikimedia.org/T140010
ssvc Track https://phabricator.wikimedia.org/T140010
cvssv4 0 https://phabricator.wikimedia.org/T24521
ssvc Track https://phabricator.wikimedia.org/T24521
cvssv4 0 https://phabricator.wikimedia.org/T62109
ssvc Track https://phabricator.wikimedia.org/T62109
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2025-32697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32697
CVE-2025-32697 https://nvd.nist.gov/vuln/detail/CVE-2025-32697
T140010 https://phabricator.wikimedia.org/T140010
T24521 https://phabricator.wikimedia.org/T24521
T62109 https://phabricator.wikimedia.org/T62109
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green Found at https://phabricator.wikimedia.org/T140010
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:05:19Z/ Found at https://phabricator.wikimedia.org/T140010
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green Found at https://phabricator.wikimedia.org/T24521
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:05:19Z/ Found at https://phabricator.wikimedia.org/T24521
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green Found at https://phabricator.wikimedia.org/T62109
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:05:19Z/ Found at https://phabricator.wikimedia.org/T62109
Exploit Prediction Scoring System (EPSS)
Percentile 0.1533
EPSS Score 0.00051
Published At Sept. 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:25:59.734535+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/32xxx/CVE-2025-32697.json 37.0.0