CVE-2025-67646
📋 TL;DR
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the TableProgressTracking MediaWiki extension. Attackers can craft malicious webpages that, when visited by authenticated users, trigger unauthorized actions like deleting or tracking progress against tables. This affects all MediaWiki installations with TableProgressTracking extension versions 1.2.0 and below enabled.
💻 Affected Systems
- TableProgressTracking MediaWiki extension
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Authenticated users could have their table progress data deleted or manipulated without their knowledge, potentially disrupting workflow tracking and data integrity.
Likely Case
Attackers could manipulate table progress tracking data, causing confusion or data corruption in collaborative wiki environments.
If Mitigated
With proper CSRF token validation, all unauthorized requests would be rejected, preventing exploitation.
🎯 Exploit Status
Exploitation requires an authenticated user to visit a malicious webpage while logged into the vulnerable MediaWiki instance.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.1
Vendor Advisory: https://github.com/Telepedia/TableProgressTracking/security/advisories/GHSA-j24f-hw6w-cq78
Restart Required: No
Instructions:
1. Update TableProgressTracking extension to version 1.2.1 or later.
2. Verify the update by checking the extension version in MediaWiki.
3. No MediaWiki restart required.
🔧 Temporary Workarounds
Disable TableProgressTracking extension
Temporarily disable the vulnerable extension until patching is possible.
Edit LocalSettings.php and remove or comment out wfLoadExtension('TableProgressTracking');
🧯 If You Can't Patch
- Implement web application firewall rules to block suspicious REST API requests
- Educate users about CSRF risks and safe browsing practices
🔍 How to Verify
Check if Vulnerable:
Check MediaWiki's extensions directory for TableProgressTracking version. If version is 1.2.0 or below, the system is vulnerable.
Check Version:
Check MediaWiki's LocalSettings.php or extension directory for TableProgressTracking version information.
Verify Fix Applied:
Verify TableProgressTracking extension version is 1.2.1 or higher in MediaWiki extension manager.
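As an added example (not part of this advisory or the extension's own code), a small Python checker that performs the version and LocalSettings.php checks described above. It assumes the extension records its version in the standard extension.json "version" field and that the extension is enabled by a plain wfLoadExtension('TableProgressTracking') line; both are assumptions about a typical install, not facts from the advisory.

```python
import json
import os
import re
from typing import Optional, Tuple

FIXED_VERSION = (1, 2, 1)  # first release with the fix, per the vendor advisory

# Active (not commented-out) wfLoadExtension('TableProgressTracking') line.
# Assumption: the extension is enabled this way, not via wfLoadExtensions([...])
# or a /* ... */ block comment; adjust if your LocalSettings.php differs.
LOAD_RE = re.compile(
    r"""^\s*wfLoadExtension\(\s*['"]TableProgressTracking['"]\s*\)""", re.M)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """'1.2.0' -> (1, 2, 0). Integers, not strings, so that 1.10.0 > 1.2.1."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None  # pre-release suffixes etc. need a manual look
    return tuple(int(p) for p in parts)


def extension_is_loaded(local_settings: str) -> bool:
    """True if LocalSettings.php still loads the extension (workaround not applied)."""
    return bool(LOAD_RE.search(local_settings))


def assess(extension_json: Optional[str], local_settings: str) -> str:
    """Return not_installed | workaround_active | vulnerable | patched | unknown."""
    if extension_json is None:
        return "not_installed"
    if not extension_is_loaded(local_settings):
        return "workaround_active"  # on disk but not loaded: CSRF endpoints unreachable
    try:
        version = parse_version(json.loads(extension_json).get("version", ""))
    except (ValueError, AttributeError):  # malformed JSON, non-object, non-string version
        version = None
    if version is None:
        return "unknown"
    return "patched" if version >= FIXED_VERSION else "vulnerable"


def assess_install(mediawiki_root: str) -> str:
    """Read a real MediaWiki install directory and assess it."""
    ext_path = os.path.join(mediawiki_root, "extensions", "TableProgressTracking", "extension.json")
    ls_path = os.path.join(mediawiki_root, "LocalSettings.php")
    ext_text = open(ext_path, encoding="utf-8").read() if os.path.exists(ext_path) else None
    ls_text = open(ls_path, encoding="utf-8").read() if os.path.exists(ls_path) else ""
    return assess(ext_text, ls_text)


if __name__ == "__main__":
    # Constructed sample inputs standing in for the two files on disk.
    sample_ext = '{"name": "TableProgressTracking", "version": "1.2.0"}'
    sample_ls = "wfLoadExtension( 'TableProgressTracking' );\n"
    print(assess(sample_ext, sample_ls))  # vulnerable
```

Run `assess_install("/var/www/mediawiki")` (path is a placeholder) against a live install; an "unknown" result means the version field could not be read and the manual checks above still apply.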
📡 Detection & Monitoring
Log Indicators:
- Unusual REST API requests to TableProgressTracking endpoints without CSRF tokens
- Multiple table progress modifications from same user in short timeframe
Network Indicators:
- HTTP POST requests to TableProgressTracking REST endpoints without proper referrer headers or CSRF tokens
SIEM Query:
source="mediawiki.log" AND "TableProgressTracking" AND ("DELETE" OR "POST") AND NOT "csrf_token"