CVE-2025-53371

Published: Jul 10, 2025

Modified: Jul 10, 2025

PUBLISHED

CVSS v3.1

9.1

CRITICAL

Description

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.

Vendor	Product	Versions
miraheze	DiscordNotifications	affected `< 1f20d850cbcce5b15951c7c6127b87b927a5415e`

Weaknesses (CWE)

CWE-400

CWE-918

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

High

References

https://github.com/miraheze/DiscordNotifications/security/advisories/GHSA-gvfx-p3h5-qf65

x_refsource_CONFIRM

https://github.com/miraheze/DiscordNotifications/commit/1f20d850cbcce5b15951c7c6127b87b927a5415e

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-53371

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References