Search for vulnerabilities
Vulnerability details: VCID-zzg3-w43c-bybp
Vulnerability ID VCID-zzg3-w43c-bybp
Aliases CVE-2025-32696
Summary Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-281 Improper Preservation of Permissions
System Score Found at
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2025-32696
cvssv4 0 https://phabricator.wikimedia.org/T304474
ssvc Track https://phabricator.wikimedia.org/T304474
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2025-32696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696
CVE-2025-32696 https://nvd.nist.gov/vuln/detail/CVE-2025-32696
T304474 https://phabricator.wikimedia.org/T304474
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/RE:M/U:Green Found at https://phabricator.wikimedia.org/T304474
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T19:06:02Z/ Found at https://phabricator.wikimedia.org/T304474
Exploit Prediction Scoring System (EPSS)
Percentile 0.16572
EPSS Score 0.00054
Published At Sept. 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:25:53.827429+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/32xxx/CVE-2025-32696.json 37.0.0