CVE-2025-32964

MEDIUM Year: 2025
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.

Related Vulnerabilities

CVE-2016-8776

MEDIUM
CVSS:4.6(Medium)

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some f...

CWE-2852016

CVE-2020-1908

MEDIUM
CVSS:4.6(Medium)

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the...

CWE-2852020

CVE-2022-30730

MEDIUM
CVSS:4.6(Medium)

Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.

CWE-2852022

CVE-2022-36838

MEDIUM
CVSS:4.6(Medium)

Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.

CWE-2852022

CVE-2022-39873

MEDIUM
CVSS:4.6(Medium)

Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.

CWE-2852022

CVE-2022-46752

MEDIUM
CVSS:4.6(Medium)

Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

CWE-2852022