QwikSec

Security Database

CVE

CWE

Training

CVE-2025-12004

Published: Oct 21, 2025

Modified: Oct 21, 2025

PUBLISHED

Description

Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki - Lockdown Extension: from master before 1.42.

Vendor	Product	Versions
The Wikimedia Foundation	Mediawiki - Lockdown Extension	affected `master - < 1.42`

Weaknesses (CWE)

References

https://phabricator.wikimedia.org/T397521

https://gerrit.wikimedia.org/r/q/Id275382743957004fa7fc56318fc104d8e2d267b

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2025-12004 - Security Vulnerability | QwikSec