#VU113746 Session fixation in MediaWiki - CVE-2025-6592


Published: August 7, 2025


Vulnerability identifier: #VU113746
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-6592
CWE-ID: CWE-384
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
MediaWiki
Software vendor:
MediaWiki.org

Description

The vulnerability allows a remote attacker to perform session fixation attacks.

The vulnerability exists because the software associates temporary user accounts with newly registered user accounts, leading to data such as the username and IP address being merged. This can lead to potential account takeover if an attacker had control over the temporary user session.



Remediation

Install updates from the vendor's website.
