Lucene search
K

Debian dla-4428 : mediawiki - security update

🗓️ 30 Dec 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Debian LTS update for mediawiki fixes CVEs causing information disclosure, denial of service, or privilege escalation.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2025-67479
3 Feb 202601:12
attackerkb
ATTACKERKB
CVE-2025-67475
3 Feb 202601:21
attackerkb
ATTACKERKB
CVE-2025-67482
3 Feb 202601:28
attackerkb
ATTACKERKB
CVE-2025-67484
3 Feb 202601:24
attackerkb
ATTACKERKB
CVE-2025-67478
3 Feb 202601:14
attackerkb
ATTACKERKB
CVE-2025-67480
3 Feb 202601:23
attackerkb
ATTACKERKB
CVE-2025-67481
3 Feb 202601:30
attackerkb
Circl
CVE-2025-67478
14 Apr 202615:16
circl
Circl
CVE-2025-67484
14 Apr 202615:16
circl
CNNVD
Wikimedia MediaWiki 安全漏洞
3 Feb 202600:00
cnnvd
Rows per page
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4428. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(280692);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/19");

  script_cve_id(
    "CVE-2025-67475",
    "CVE-2025-67478",
    "CVE-2025-67479",
    "CVE-2025-67480",
    "CVE-2025-67481",
    "CVE-2025-67482",
    "CVE-2025-67484"
  );

  script_name(english:"Debian dla-4428 : mediawiki - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4428 advisory.

    -------------------------------------------------------------------------
    Debian LTS Advisory DLA-4428-1                [email protected]
    https://www.debian.org/lts/security/                       Guilhem Moulin
    December 30, 2025                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : mediawiki
    Version        : 1:1.35.13-1+deb11u6
    CVE ID         : CVE-2025-67475 CVE-2025-67478 CVE-2025-67479 CVE-2025-67480
                     CVE-2025-67481 CVE-2025-67482 CVE-2025-67484

    Multiple security vulnerabilities were found in mediawiki, a website
    engine for collaborative work, which could lead to information
    disclosure, denial of service or privilege escalation.

    CVE-2025-67475

        Square brackets in autocomment links were not always escaped.

    CVE-2025-67478

        Commas not separating values in RFC 2822 style headers were not
        escaped, hence could be interpreted downstream as value separators.

    CVE-2025-67479

        Underscore and wide underscore were not always sanitized in `data-*`
        attribute names.

    CVE-2025-67480

        ApiQueryRevisionsBase did not check for read permissions for the
        target page.

    CVE-2025-67481

        Insufficient `style` attribute sanitation in client-side messages
        (jqueryMsg).

        As such attributes are difficult to sanitize properly (the logic
        needs to be updated constantly as new CSS features are developed by
        browser vendors) and their use cases in client-side messages are
        extremely rare, they are no longer allowed.

        If needed, `class` and `id` are still allowed, so these elements can
        be targeted by normal stylesheets.

    CVE-2025-67482

        Scribunto extension: Segfault in unpack() with large integers
        affecting some builds of Lua.

    CVE-2025-67484

        Cross-site scripting (XSS) vulnerability via xslt option for users
        with the editinterface permission.  The xslt option is now
        disabled by default.  If the former unsafe behavior is desired, is
        can be re-enabled by setting `$wgEnableUnsafeXsltOption` to true.

    For Debian 11 bullseye, these problems have been fixed in version
    1:1.35.13-1+deb11u6.

    We recommend that you upgrade your mediawiki packages.

    For the detailed security status of mediawiki please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/mediawiki

    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    Attachment:
    signature.asc
    Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/mediawiki");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-67475");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-67478");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-67479");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-67480");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-67481");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-67482");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-67484");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/mediawiki");
  script_set_attribute(attribute:"solution", value:
"Upgrade the mediawiki packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-67484");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-67482");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/12/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/12/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mediawiki");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mediawiki-classes");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'mediawiki', 'reference': '1:1.35.13-1+deb11u6'},
    {'release': '11.0', 'prefix': 'mediawiki-classes', 'reference': '1:1.35.13-1+deb11u6'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mediawiki / mediawiki-classes');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

19 Feb 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 3.19.8
CVSS 46.3
EPSS0.00395
SSVC
4