CVE-2025-12004

CVE-2025-12004 affects MediaWiki with the Lockdown Extension (vulnerable: Lockdown Extension before 1.42). The issue is an incorrect permission assignment for a critical resource, enabling privilege abuse. The vulnerability is fixed in MediaWiki Core Action API (upgrade to a version including the...