CVE-2025-32964 – ManageWiki Extension Privilege Escalation Vulnerability

April 22, 2025

CVE ID : CVE-2025-32964

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. A workaround involves ensuring that any extensions requiring specific permissions in `$wgManageWikiExtensions` also require the same permissions for managing any conflicting extensions.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-43947 – Codemers KLIMS Privilege Escalation Vulnerability

Next Article CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

Highlights

CVE-2025-27455 – Apache Clickjacking Vulnerability

July 3, 2025

CVE ID : CVE-2025-27455

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2025-32964 – ManageWiki Extension Privilege Escalation Vulnerability

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

Critical Commvault Flaw Allows Full System Takeover – Update NOW

CVE-2025-26168 – IXON VPN Client Local Privilege Escalation

A generalist AI agent for 3D virtual environments

When to choose GitHub-Hosted runners or self-hosted runners with GitHub Actions

CVE-2025-27455 – Apache Clickjacking Vulnerability

CVE-2025-53397 – Advantech iView Reflected Cross-Site Scripting Vulnerability

CVE-2025-53308 – Gopi_plus Image Slider Stored XSS CSRF

CVE-2025-6280 – TransformerOptimus SuperAGI EmailToolKit Path Traversal Vulnerability

CVE-2025-32964 – ManageWiki Extension Privilege Escalation Vulnerability

Related Posts