CVE-2025-53483 SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery

🗓️ 04 Jul 2025 17:28:40Reported by wikimedia-foundationType

Multiple SecurePoll admin actions are vulnerable to Cross-Site Request Forgery if misused.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-53483	4 Jul 202521:25	–	circl
CNNVD	Wikimedia Mediawiki - SecurePoll extension 跨站请求伪造漏洞	4 Jul 202500:00	–	cnnvd
CVE	CVE-2025-53483	4 Jul 202517:28	–	cve
EUVD	EUVD-2025-20085	3 Oct 202520:07	–	euvd
NVD	CVE-2025-53483	4 Jul 202518:15	–	nvd
Positive Technologies	PT-2025-28016 · Mediawiki · Mediawiki +1	4 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-53483	6 Jul 202518:25	–	redhatcve
Vulnrichment	CVE-2025-53483 SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery	4 Jul 202517:28	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Mediawiki - SecurePoll extension",
    "vendor": "Wikimedia Foundation",
    "versions": [
      {
        "lessThan": "1.39.13",
        "status": "affected",
        "version": "1.39.x",
        "versionType": "semver"
      },
      {
        "lessThan": "1.42.7",
        "status": "affected",
        "version": "1.42.x",
        "versionType": "semver"
      },
      {
        "lessThan": "1.43.2",
        "status": "affected",
        "version": "1.43.x",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
phabricator	www.phabricator.wikimedia.org/T392341
gerrit	www.gerrit.wikimedia.org/r/1149664
gerrit	www.gerrit.wikimedia.org/r/1149618

04 Jul 2025 17:42Current

EPSS0.00089

CWE-352