CVE-2025-53485 Information
Jul 05, 2025
cve
Description
SetTranslationHandler.php does not validate that the user is an election admin allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions the check is still missing.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13 from 1.42.X before 1.42.7 from 1.43.X before 1.43.2.
Reference
https://gerrit.wikimedia.org/r/149668 https://phabricator.wikimedia.org/T392341
Related CNNVD
CNNVD-202507-507 (Published: 2025-07-04)
Share on: