CVE-2025-67484

N/A Unknown

📋 TL;DR

This vulnerability in MediaWiki's XML API formatting component could allow attackers to execute unauthorized actions or access sensitive data. It affects MediaWiki instances running vulnerable versions, potentially impacting all users of affected wikis.

💻 Affected Systems

Products:
  • Wikimedia Foundation MediaWiki
Versions: MediaWiki versions before 1.39.16, 1.43.6, 1.44.3, 1.45.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the API XML formatting component specifically; all MediaWiki installations with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or website defacement.

🟠 Likely Case: Information disclosure, privilege escalation, or denial of service affecting wiki functionality.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some level of access or interaction with the API; exact attack vector not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.39.16, 1.43.6, 1.44.3, 1.45.1 or later

Vendor Advisory: https://phabricator.wikimedia.org/T401995

Restart Required: No

Instructions:

1. Backup your MediaWiki installation and database.
2. Download the patched version from mediawiki.org.
3. Replace the includes/Api/ApiFormatXml.php file with the patched version.
4. Verify the update by checking the version in Special:Version.

🔧 Temporary Workarounds

Disable XML API Format

Temporarily disable the vulnerable XML API formatting endpoint to prevent exploitation.

Edit LocalSettings.php and add: $wgAPIModules['format'] = [];

🧯 If You Can't Patch

  • Restrict API access to trusted IP addresses only using web server configuration.
  • Implement Web Application Firewall (WAF) rules to block suspicious XML API requests.

🔍 How to Verify

Check if Vulnerable:

Check the MediaWiki version on the Special:Version page, or examine the modification date of the includes/Api/ApiFormatXml.php file.

Check Version:

grep -r 'wgVersion' includes/DefaultSettings.php

Verify Fix Applied:

Confirm version is 1.39.16, 1.43.6, 1.44.3, 1.45.1 or later in Special:Version.
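The version comparison above has to be done per release branch (a 1.43.x install is only fixed at 1.43.6, not at "anything above 1.39.16"). The following script is an added example, not part of this advisory or of MediaWiki: it takes the version string shown on Special:Version and checks it against the fixed releases listed on this page. Branches the page lists no fix for (anything older than 1.39, or 1.40 to 1.42) are reported as needing an upgrade; that classification is an assumption of the example, not a statement from the advisory.

```python
"""Branch-aware check of a MediaWiki version against the fixed releases
listed in this advisory. Added example; assumes the version string is the
one shown on Special:Version (e.g. '1.43.5')."""
import re

# Fixed releases from the advisory, keyed by release branch (major, minor).
FIXED_RELEASES = {
    (1, 39): (1, 39, 16),
    (1, 43): (1, 43, 6),
    (1, 44): (1, 44, 3),
    (1, 45): (1, 45, 1),
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR[.PATCH]' into a tuple of ints.
    Anything after the patch number (e.g. a '-wmf.3' suffix) is ignored,
    and a missing patch number counts as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised MediaWiki version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unsupported-branch'."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_RELEASES:
        fixed = (major, minor, patch) >= FIXED_RELEASES[branch]
        return "fixed" if fixed else "vulnerable"
    # Branches newer than the newest fixed branch were cut after the fix.
    if branch > max(FIXED_RELEASES):
        return "fixed"
    # Older or intermediate branches have no fixed release on this page
    # (assumption: treat them as needing an upgrade to a fixed branch).
    return "unsupported-branch"


if __name__ == "__main__":
    # Constructed sample version strings, not readings from real hosts.
    for v in ("1.39.15", "1.39.16", "1.44.3", "1.45.0", "1.41.2", "1.46.0"):
        print(f"{v:>8}: {assess(v)}")
```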

📡 Detection & Monitoring

Log Indicators:

  • Unusual XML API requests.
  • Error logs referencing ApiFormatXml.php.
  • Unexpected file modifications.

Network Indicators:

  • Abnormal traffic to /api.php endpoints with XML formatting parameters.

SIEM Query:

source="mediawiki_logs" AND ("ApiFormatXml" OR "xml format")
