CVE-2025-32079
📋 TL;DR
An improper input validation flaw in the GrowthExperiments extension for MediaWiki (maintained by Wikimedia) lets an attacker trigger a denial of service over HTTP. It affects MediaWiki installations that have GrowthExperiments enabled on the 1.39 through 1.43 release branches. The impact is to availability only: the wiki becomes slow or unresponsive for legitimate readers and editors.
💻 Affected Systems
- MediaWiki - GrowthExperiments extension
⚠️ Manual Verification Required
The NVD entry for this CVE carries no affected-version range (no CPE version data), so scanners that key on NVD version data cannot tell whether an installation is affected. Treat any MediaWiki 1.39 to 1.43 install with GrowthExperiments loaded as affected until you have confirmed the patched branch is deployed; the steps under "How to Verify" below do this by hand.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability for MediaWiki instances, preventing legitimate users from accessing content or editing functionality.
Likely Case
Partial service degradation with increased response times, failed requests, and intermittent availability issues.
If Mitigated
Minimal impact with proper rate limiting, input validation, and monitoring in place.
🎯 Exploit Status
The trigger is an HTTP request carrying input that the extension fails to validate; no special privileges, timing or tooling are described, so the bar to exploitation is low. No public proof-of-concept is referenced here; the vendor advisory linked below is the authoritative source for the affected code path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.44 or later. For the supported release branches (1.39 LTS, 1.42, 1.43) Wikimedia security releases backport fixes for bundled extensions, so the patched commit on your REL1_xx branch is the equivalent; the advisory names the commits. 1.40 and 1.41 were end-of-life before this CVE and receive no backport, so those installs must move to a supported release.
Vendor Advisory: https://phabricator.wikimedia.org/T384244
Restart Required: No for the web server. If opcache.validate_timestamps is disabled in your PHP configuration, reload PHP-FPM (or Apache's PHP module) so the patched files are actually loaded.
Instructions:
1. Update GrowthExperiments to a patched release: 1.44 or later, or the patched commit of the REL1_xx branch that matches your MediaWiki version. Keep the extension on the same release branch as core.
2. Run the schema updater from the MediaWiki root: php maintenance/update.php (on 1.40+ also available as php maintenance/run.php update).
3. Confirm the installed commit and date on Special:Version. LocalSettings.php only shows whether the extension is loaded, not which version.
🔧 Temporary Workarounds
Disable GrowthExperiments extension
Temporarily disable the vulnerable extension until patching is possible. This removes the newcomer homepage, suggested edits and mentorship features it provides, so tell your editors first.
Edit LocalSettings.php and comment out or remove: wfLoadExtension('GrowthExperiments'); (or its entry in a wfLoadExtensions() array), then confirm it no longer appears on Special:Version.
Implement rate limiting
Configure web server or reverse proxy rate limiting in front of rest.php and api.php to blunt DoS attempts from a single client.
For Apache: LimitRequestBody and LimitRequestFields cap request body size and header count, which bounds the cost of one request but is not rate limiting; per-client rate limiting needs a module such as mod_evasive (third-party) or a reverse proxy in front of Apache.
For Nginx: limit_req_zone (keyed on $binary_remote_addr) together with limit_req on the locations that serve rest.php and api.php.
🧯 If You Can't Patch
- Put a WAF or reverse-proxy rule in front of the extension's endpoints (rest.php and api.php?action=growth*) that caps request size and parameter count and rate-limits per client. A generic WAF cannot validate the extension's own parameter semantics, so this reduces blast radius rather than closing the flaw.
- Monitor for abnormal request patterns to those endpoints and block offending source IPs automatically, with an allow-list for your own bots and monitoring probes.
🔍 How to Verify
Check if Vulnerable:
Confirm the extension is loaded: LocalSettings.php contains an active wfLoadExtension('GrowthExperiments'); line (or lists it in a wfLoadExtensions() array) and Special:Version lists it. LocalSettings.php does not record a version; the version is the release branch the extension was installed from, and REL1_39 through REL1_43 are affected.
Check Version:
Special:Version shows, for each extension installed from git, the commit hash and date. From the shell, in the MediaWiki root:
git -C extensions/GrowthExperiments log -1 --format='%h %cs %D'
The same information is exposed by the site's own API: api.php?action=query&meta=siteinfo&siprop=extensions&format=json (the GrowthExperiments entry carries vcs-version and vcs-date for git checkouts). Tarballs from the Extension Distributor are named after their branch and commit, so compare the archive name instead.
Verify Fix Applied:
Confirm via Special:Version (or the command above) that the installed GrowthExperiments commit is at or after the fix commit the vendor advisory names for your branch, or that the extension is on 1.44 or later.
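The checks above and the "Disable GrowthExperiments extension" workaround both come down to finding the load line in LocalSettings.php and reading the extension's commit. The script below is an added example, not code from this advisory or from the GrowthExperiments project, that does both: it reports whether the extension is loaded and where it was installed from, and can comment the load line out with a backup. It assumes the standard layout (LocalSettings.php in the wiki root, the extension under extensions/GrowthExperiments); the ge_* names are its own.

```shell
#!/bin/sh
# Added example, not code from the advisory or the GrowthExperiments project.
# Checks whether GrowthExperiments is loaded, reports which commit it was installed
# from, and can comment out the load line as the temporary workaround. Assumes the
# standard MediaWiki layout: LocalSettings.php in the wiki root and the extension
# under extensions/GrowthExperiments. The ge_* names are this example's own.

set -eu

# Matches an active (uncommented) single-extension load line, with either quote
# style and any spacing. Lines disabled with a leading '//' or '#' do not match.
GE_LOAD_RE="^[[:space:]]*wfLoadExtension[[:space:]]*\\([[:space:]]*[\"']GrowthExperiments[\"']"

# ge_is_loaded LocalSettings.php -> exit 0 if the extension is loaded, 1 if not.
ge_is_loaded() {
    grep -Eq "$GE_LOAD_RE" "$1"
}

# ge_installed_from extensions/GrowthExperiments -> "<hash> <date> <refs>" for a git
# checkout. Extension Distributor tarballs are named after branch and commit instead.
ge_installed_from() {
    if git -C "$1" rev-parse --git-dir >/dev/null 2>&1; then
        git -C "$1" log -1 --format='%h %cs %D'
    else
        echo "not a git checkout: compare the tarball name/date against the advisory"
    fi
}

# ge_api_check https://wiki.example.org/w -> the extension's entry from the site's
# siteinfo API (includes vcs-version/vcs-date for git checkouts). Needs network access.
ge_api_check() {
    json=$(curl -fsS "$1/api.php?action=query&meta=siteinfo&siprop=extensions&format=json") || return 1
    printf '%s\n' "$json" | grep -o '"name":"GrowthExperiments"[^}]*' || echo "GrowthExperiments not listed"
}

# ge_disable LocalSettings.php -> comments out the active load line (backup in *.bak).
# Written via a temp file so it behaves the same with GNU and BSD sed.
ge_disable() {
    cp "$1" "$1.bak"
    sed -E "s|${GE_LOAD_RE}|// &|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    if ge_is_loaded "$1"; then
        echo "failed to disable GrowthExperiments in $1" >&2
        return 1
    fi
}

# ge_main WIKI_ROOT [--disable]
ge_main() {
    root="$1"
    if ge_is_loaded "$root/LocalSettings.php"; then
        echo "GrowthExperiments is loaded; installed from: $(ge_installed_from "$root/extensions/GrowthExperiments")"
        if [ "${2:-}" = "--disable" ]; then
            ge_disable "$root/LocalSettings.php"
            echo "disabled; re-enable once the patched branch is deployed"
        fi
    else
        echo "GrowthExperiments is not loaded in $root/LocalSettings.php"
    fi
}

# Usage: sh ge_check.sh /var/www/mediawiki [--disable]
if [ "$#" -gt 0 ]; then
    ge_main "$@"
fi
```

The regex only recognises the single-argument wfLoadExtension() form; an entry inside a wfLoadExtensions([...]) array has to be handled by hand, and after editing LocalSettings.php the change should be confirmed on Special:Version rather than trusted from the file alone.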
📡 Detection & Monitoring
Log Indicators:
- Unusually high number of HTTP requests to GrowthExperiments endpoints
- Increased error rates (4xx/5xx) from GrowthExperiments functionality
- Requests with malformed or unexpected input patterns
Network Indicators:
- Spike in traffic to the extension's REST endpoints (/w/rest.php/v1/growth* on a default install; the /w prefix is $wgScriptPath) and to its Action API modules (api.php?action=growth*, for example action=growthtasks)
- Abnormal request patterns from single IP addresses
SIEM Query:
Splunk SPL; the field names url_path, src_ip and status follow whatever extraction your access-log sourcetype applies, so adjust them to yours. Bucketing by minute turns the raw count into a rate, and the 5xx tally surfaces the error-rate indicator alongside the volume:
source="apache_access" OR source="nginx_access"
| where like(url_path, "%rest.php/%growth%") OR like(url_path, "%api.php%action=growth%")
| bin _time span=1m
| stats count AS hits, sum(eval(if(status>=500,1,0))) AS errors BY _time, src_ip
| where hits > 100
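To turn the log indicators above into something you can run on the server itself during an incident, here is an added example in POSIX shell and awk, not code from the advisory or from the project: it buckets requests to GrowthExperiments endpoints per client IP per minute, flags IPs over a threshold, and reports the 5xx count alongside. It assumes the Apache/Nginx combined log format with the request path in the seventh field and the status in the ninth; the ge_* names and the sample log lines are constructed for the example. The path pattern is deliberately loose (rest.php/…growth… and api.php?…action=growth…) because the exact route prefix depends on $wgScriptPath and the extension version.

```shell
#!/bin/sh
# Added example, not code from the advisory or the GrowthExperiments project.
# Flags client IPs that hammer GrowthExperiments endpoints, per minute, from an
# Apache/Nginx combined-format access log. Assumes the standard combined format:
# field 1 = client IP, field 4 = "[dd/Mon/yyyy:HH:MM:SS", field 7 = request path,
# field 9 = HTTP status. The ge_* names are this example's own.

set -eu

# Loose match for the extension's REST routes and Action API modules; the prefix
# before rest.php/api.php is $wgScriptPath, so it is not anchored. No backslashes
# here because awk -v reinterprets escape sequences in the assigned value.
GE_PATH_RE='(rest[.]php/.*growth|api[.]php[?].*action=growth)'

# ge_hot_ips LOGFILE THRESHOLD
# Prints "ip minute hits 5xx" for each client IP and minute with more than
# THRESHOLD requests to GrowthExperiments endpoints, sorted for stable output.
ge_hot_ips() {
    awk -v re="$GE_PATH_RE" -v thr="$2" '
        $7 ~ re {
            key = $1 "|" substr($4, 2, 17)   # client IP + "dd/Mon/yyyy:HH:MM"
            hits[key]++
            if ($9 ~ /^5/) err[key]++       # 5xx responses: the error-rate signal
        }
        END {
            for (k in hits) if (hits[k] > thr) {
                split(k, p, "|")
                printf "%s %s %d %d\n", p[1], p[2], hits[k], err[k] + 0
            }
        }' "$1" | sort
}

# Constructed sample log (RFC 5737 documentation addresses), not real traffic:
# one normal client and one client repeating requests that come back 5xx.
ge_sample_log() {
    cat <<'EOF'
198.51.100.23 - - [02/May/2025:10:15:02 +0000] "GET /w/rest.php/v1/growth/tasks HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [02/May/2025:10:15:03 +0000] "GET /w/rest.php/v1/growth/tasks HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.7 - - [02/May/2025:10:15:03 +0000] "GET /w/rest.php/v1/growth/tasks HTTP/1.1" 500 0 "-" "python-requests/2.31"
203.0.113.7 - - [02/May/2025:10:15:04 +0000] "GET /w/api.php?action=growthtasks&format=json HTTP/1.1" 503 0 "-" "python-requests/2.31"
203.0.113.7 - - [02/May/2025:10:15:05 +0000] "GET /w/index.php?title=Main_Page HTTP/1.1" 200 5120 "-" "python-requests/2.31"
203.0.113.7 - - [02/May/2025:10:16:00 +0000] "GET /w/rest.php/v1/growth/tasks HTTP/1.1" 200 812 "-" "python-requests/2.31"
EOF
}

# Usage: sh ge_hot_ips.sh /var/log/nginx/access.log 100
# With no arguments, runs against the constructed sample with a threshold of 2.
if [ "$#" -gt 0 ]; then
    ge_hot_ips "$1" "${2:-100}"
else
    tmp=$(mktemp)
    ge_sample_log > "$tmp"
    ge_hot_ips "$tmp" 2
    rm -f "$tmp"
fi
```

On the sample, only 203.0.113.7 in the 10:15 minute crosses a threshold of 2 (three hits, all 5xx); its index.php request is ignored and its single 10:16 hit stays under the line. Pick the real threshold from a baseline of your own traffic, and feed the flagged addresses to whatever blocks at the edge rather than to the wiki itself.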