Platform: php
Component: discordnotifications
Fixed in: 1.0.1
CVE-2025-53371 is a vulnerability in the DiscordNotifications extension for MediaWiki, rated critical (CVSS 9.1). Before commit 1f20d850cbcce5b15951c7c6127b87b927a5415e the extension issued server-side requests to whatever URLs were configured in $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls, without checking that they point at Discord. This allows denial of service and server-side request forgery (SSRF) and, where reachable internal APIs accept such requests, can lead to remote code execution. The commit contains the fix; release 1.0.1 includes it.
The extension, which forwards MediaWiki actions to a Discord channel, fetched the configured webhook URLs with curl and file_get_contents. Neither call was restricted to https URLs on Discord's hosts: file_get_contents honours PHP stream wrappers (file://, php://, ftp://), and curl will connect to any host and port it is given. A hostile or tampered value in either configuration variable therefore makes the wiki server read local or very large files (DoS), or send HTTP POST requests to internal services that are not exposed to the internet (SSRF). If such an internal service executes what it receives, the SSRF can escalate to RCE. The blast radius is the MediaWiki installation and, depending on the privileges of the web server process and the services reachable from it, the underlying host and network.
The vulnerability has been publicly disclosed with a CVSS score of 9.1 (CRITICAL). No active exploitation campaigns have been publicly confirmed, and the EPSS score on this page (0.06%) predicts a low probability of exploitation in the wild; even so, the flaw is simple (an unrestricted server-side fetch built on standard PHP functions) and the impact is high, so it should be patched promptly. It is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalogue.
MediaWiki installations with the DiscordNotifications extension enabled are affected. The risk is highest where the webhook configuration can be influenced by anyone other than the server administrator, and in shared hosting environments, where a compromised wiki can reach services belonging to other tenants on the same host.
• php: Examine the MediaWiki configuration (LocalSettings.php) for unusual or externally-facing URLs in $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. A legitimate Discord webhook URL begins with https://discord.com/api/webhooks/ (older ones use discordapp.com).
<?php
// Run inside MediaWiki (e.g. from a maintenance script) after LocalSettings.php has
// been loaded: flag any configured webhook URL that does not point at Discord's
// webhook API, since the vulnerable extension fetches whatever is configured.
$urls = array_merge(
    [ $wgDiscordIncomingWebhookUrl ?? '' ],
    $wgDiscordAdditionalIncomingWebhookUrls ?? []
);
foreach ( $urls as $url ) {
    if ( $url !== '' && strpos( $url, 'https://discord.com/api/webhooks/' ) !== 0 ) {
        echo "Suspicious webhook URL in configuration: $url\n";
    }
}
• generic web: Monitor outbound connections from the MediaWiki host (egress proxy or firewall logs) for destinations other than Discord's API. The vulnerable code makes the request from the server, so the evidence is in outbound, not inbound, logs.
• generic web: If responses to notification requests are logged, unexpected Server headers, hostnames or IP addresses (internal ranges, localhost) indicate that the request went somewhere other than Discord.
Exploit status: disclosure
EPSS: 0.06% (17th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-53371 is to upgrade the DiscordNotifications extension to a build that includes commit 1f20d850cbcce5b15951c7c6127b87b927a5415e (release 1.0.1 or later). If an immediate upgrade is not feasible, temporarily disable the extension. As a secondary measure, validate the values of $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls before they are used: accept only https URLs on Discord's webhook hosts and reject anything else, including file:// and other stream-wrapper schemes and internal addresses. Because the dangerous request is made by the wiki server itself, an inbound WAF does not help here; egress filtering that limits outbound connections from the wiki host to Discord's API endpoints does. After upgrading, confirm the fix by checking that the installed extension contains the commit (for example with git log in the extension directory) and that a non-Discord URL placed in the configuration is rejected rather than fetched; do not test by pointing the extension at an actually hostile URL.
Update the DiscordNotifications extension to the version containing the fix from commit 1f20d850cbcce5b15951c7c6127b87b927a5415e. This removes the possibility of DoS, SSRF and potentially RCE attacks. Check the release notes for additional details on the update.
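The flaw described above and the validation recommended in the mitigation come down to one missing check: the extension posted to whatever URL was configured. The block below is an added example written for this page, not the extension's own code and not the content of the fix commit, whose exact changes may differ. The function names (sendNotificationUnsafe, isDiscordWebhookUrl, sendNotificationSafe) and the sample URLs are hypothetical and constructed for illustration; it assumes PHP 8 with the curl extension.

```php
<?php
// Added example for this page; not the DiscordNotifications extension's code.

// Vulnerable pattern: the configured URL is fetched verbatim.
// file_get_contents accepts any stream wrapper (file://, php://, ftp://, ...),
// so a hostile value makes the server read local files or reach internal hosts.
function sendNotificationUnsafe( string $webhookUrl, array $payload ): string|false {
    $ctx = stream_context_create( [ 'http' => [
        'method'  => 'POST',
        'content' => json_encode( $payload ),
        'header'  => "Content-Type: application/json\r\n",
    ] ] );
    return file_get_contents( $webhookUrl, false, $ctx );
}

// Hardened: accept only https URLs under Discord's webhook path.
function isDiscordWebhookUrl( string $url ): bool {
    $p = parse_url( $url );
    if ( $p === false || !isset( $p['scheme'], $p['host'], $p['path'] ) ) {
        return false;                       // relative, malformed, or no host (file:///...)
    }
    if ( isset( $p['user'] ) || isset( $p['pass'] ) || isset( $p['port'] ) ) {
        return false;                       // userinfo tricks and non-default ports
    }
    if ( strtolower( $p['scheme'] ) !== 'https' ) {
        return false;                       // no plaintext http, no other schemes
    }
    $host = strtolower( $p['host'] );
    if ( !in_array( $host, [ 'discord.com', 'discordapp.com' ], true ) ) {
        return false;                       // exact-match allowlist, defeats look-alike hosts
    }
    // Webhook path shape: /api/webhooks/<numeric id>/<token>
    return (bool)preg_match( '#^/api/webhooks/\d+/[A-Za-z0-9_-]+$#', $p['path'] );
}

function sendNotificationSafe( string $webhookUrl, array $payload ): string|false {
    if ( !isDiscordWebhookUrl( $webhookUrl ) ) {
        throw new InvalidArgumentException( 'Refusing to POST to a non-Discord webhook URL' );
    }
    $ch = curl_init( $webhookUrl );
    curl_setopt_array( $ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => json_encode( $payload ),
        CURLOPT_HTTPHEADER     => [ 'Content-Type: application/json' ],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,  // curl must not speak file://, gopher://, etc.
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,            // a redirect must not re-target the request
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,               // bound the DoS surface of slow responses
        CURLOPT_MAXFILESIZE    => 64 * 1024,        // only enforced when Content-Length is sent
    ] );
    $body = curl_exec( $ch );
    curl_close( $ch );
    return $body;
}

// Constructed test inputs: the first is a well-formed webhook URL, the rest are
// the kinds of values the vulnerable code would have fetched without complaint.
$cases = [
    'https://discord.com/api/webhooks/123456789/AbCdEf_token-1' => true,
    'http://discord.com/api/webhooks/1/t'                       => false, // plaintext http
    'https://discord.com.evil.example/api/webhooks/1/t'          => false, // look-alike host
    'https://user@discord.com/api/webhooks/1/t'                  => false, // userinfo
    'file:///etc/passwd'                                          => false, // local file read
    'https://127.0.0.1:8080/internal/admin'                      => false, // internal API (SSRF)
];
foreach ( $cases as $url => $expected ) {
    if ( isDiscordWebhookUrl( $url ) !== $expected ) {
        throw new RuntimeException( "Unexpected verdict for $url" );
    }
}
echo "All webhook URL checks behaved as expected.\n";
```

The allowlist is deliberately an exact host match rather than a suffix check, and the path is matched against the shape of a real webhook URL, so neither a look-alike domain nor a Discord host with an unexpected path passes. The curl options restrict what the library is willing to do even if validation is ever bypassed; CURLOPT_MAXFILESIZE alone does not stop a chunked response, so the timeouts are the real bound on the DoS side.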
CVE-2025-53371 is a critical-rated vulnerability in the DiscordNotifications extension for MediaWiki: the extension sent server-side requests to whatever webhook URLs were configured, allowing DoS and SSRF and potentially remote code execution.
You are affected if you use DiscordNotifications for MediaWiki at a revision before commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.
Upgrade the DiscordNotifications extension to a build that includes commit 1f20d850cbcce5b15951c7c6127b87b927a5415e (release 1.0.1 or later). Temporarily disable the extension if upgrading is not immediately possible.
There are currently no known public exploits, but the high CVSS score reflects the potential impact if the flaw is exploited.
Refer to the MediaWiki security advisories page for the latest information and updates regarding CVE-2025-53371.