CVE-2025-11175


📋 TL;DR

This CVE describes an Expression Language Injection vulnerability in MediaWiki's DiscussionTools extension that lets an attacker trigger regular expression exponential blowup (ReDoS). It affects MediaWiki installations with the DiscussionTools extension enabled and can lead to denial of service. MediaWiki versions 1.44 and 1.43 with the DiscussionTools extension enabled are affected.

💻 Affected Systems

Products:
  • MediaWiki - DiscussionTools Extension
Versions: 1.44, 1.43
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects MediaWiki installations with the DiscussionTools extension enabled. The vulnerability is in the extension itself, not core MediaWiki.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service unavailability due to CPU exhaustion from ReDoS attacks, potentially affecting all users of the MediaWiki instance.

🟠 Likely Case

Partial service degradation or temporary unavailability for specific pages or users when targeted by ReDoS attacks.

🟢 If Mitigated

Minimal impact with proper input validation and rate limiting in place, though some performance degradation may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Expression Language Injection vulnerabilities typically require minimal technical skill to exploit for ReDoS attacks once the attack vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.44.1 and later, or update DiscussionTools extension separately

Vendor Advisory: https://phabricator.wikimedia.org/T364910

Restart Required: No

Instructions:

  1. Update MediaWiki to version 1.44.1 or later.
  2. Alternatively, update the DiscussionTools extension to the latest version.
  3. Clear any caches if applicable.

🔧 Temporary Workarounds

Disable DiscussionTools Extension

Applies to: all

Temporarily disable the vulnerable extension until patching is possible

Edit LocalSettings.php and add: $wgDiscussionToolsEnable = false;

Implement WAF Rules

Applies to: all

Add web application firewall rules to block suspicious expression language patterns

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all user inputs
  • Deploy rate limiting and request throttling to mitigate ReDoS impact

🔍 How to Verify

Check if Vulnerable:

Check MediaWiki version and DiscussionTools extension status in LocalSettings.php and extension configuration

Check Version:

Check MediaWiki version via Special:Version page or $wgVersion in configuration

Verify Fix Applied:

Verify MediaWiki version is 1.44.1+ or DiscussionTools extension has been updated to patched version

📡 Detection & Monitoring

Log Indicators:

  • Unusually long processing times for specific requests
  • CPU spikes correlated with user input patterns
  • Multiple failed requests with similar payloads

Network Indicators:

  • Increased response times for MediaWiki pages
  • Timeout errors on specific discussion pages

SIEM Query (Splunk-style; the field names processing_time and request_uri depend on how your MediaWiki logs are parsed):

source="mediawiki.log" processing_time>5000 | where like(request_uri, "%discussion%")
