CVE-2025-32079 - Vulnerability Details - OpenCVE

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1114020
https://phabricator.wikimedia.org/T384244

History

Thu, 03 Jul 2025 17:30:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV4_0 `{'score': 10.0, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Thu, 03 Jul 2025 16:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV4_0 `{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`	cvssV4_0 `{'score': 10.0, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Fri, 11 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 11 Apr 2025 16:30:00 +0000

Type	Values Removed	Values Added
Description		Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.
Title		Saving the right content to MediaWiki:GrowthMentors.json can take down the site
Weaknesses		CWE-20
References		https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1114020 https://phabricator.wikimedia.org/T384244
Metrics		cvssV4_0 `{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: wikimedia-foundation

Published: 2025-04-11T16:24:21.988Z

Updated: 2025-07-03T16:28:56.592Z

Reserved: 2025-04-03T21:57:02.784Z

Link: CVE-2025-32079

Vulnrichment

Updated: 2025-04-11T16:36:00.894Z

NVD

Status : Awaiting Analysis

Published: 2025-04-11T17:15:44.837

Modified: 2025-07-03T17:15:39.183

Link: CVE-2025-32079

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32079", "assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "state": "PUBLISHED", "assignerShortName": "wikimedia-foundation", "dateReserved": "2025-04-03T21:57:02.784Z", "datePublished": "2025-04-11T16:24:21.988Z", "dateUpdated": "2025-07-03T16:28:56.592Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mediawiki - GrowthExperiments", "vendor": "The Wikimedia Foundation", "versions": [{"lessThanOrEqual": "1.43", "status": "affected", "version": "1.39", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Urbanecm_WMF"}], "datePublic": "2025-04-10T22:02:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.<p>This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.</p>"}], "value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43."}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "shortName": "wikimedia-foundation", "dateUpdated": "2025-07-03T16:28:56.592Z"}, "references": [{"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1114020"}, {"url": "https://phabricator.wikimedia.org/T384244"}], "source": {"discovery": "UNKNOWN"}, "title": "Saving the right content to MediaWiki:GrowthMentors.json can take down the site", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-11T16:35:56.581176Z", "id": "CVE-2025-32079", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:36:05.647Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32079", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-11T16:35:56.581176Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:36:00.894Z"}}], "cna": {"title": "Saving the right content to MediaWiki:GrowthMentors.json can take down the site", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Urbanecm_WMF"}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "affected": [{"vendor": "The Wikimedia Foundation", "product": "Mediawiki - GrowthExperiments", "versions": [{"status": "affected", "version": "1.39", "versionType": "semver", "lessThanOrEqual": "1.43"}], "defaultStatus": "unaffected"}], "datePublic": "2025-04-10T22:02:00.000Z", "references": [{"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1114020"}, {"url": "https://phabricator.wikimedia.org/T384244"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.", "supportingMedia": [{"type": "text/html", "value": "Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.<p>This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "shortName": "wikimedia-foundation", "dateUpdated": "2025-07-03T16:28:56.592Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32079", "state": "PUBLISHED", "dateUpdated": "2025-07-03T16:28:56.592Z", "dateReserved": "2025-04-03T21:57:02.784Z", "assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "datePublished": "2025-04-11T16:24:21.988Z", "assignerShortName": "wikimedia-foundation"}, "dataVersion": "5.1"}