Platform
php
Component
discordnotifications
Fixed in
1.0.1
CVE-2025-53371 is a critical Remote Code Execution (RCE) vulnerability discovered in the DiscordNotifications extension for MediaWiki. This flaw allows attackers to execute arbitrary code on vulnerable systems by manipulating URLs used for sending notifications to Discord. The vulnerability affects versions of DiscordNotifications prior to commit 1f20d850cbcce5b15951c7c6127b87b927a5415e. A fix has been released in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.
The DiscordNotifications extension, designed to send MediaWiki actions to Discord, introduces a significant security risk due to its handling of external URLs. The vulnerability stems from the extension's use of curl and file_get_contents to send requests to arbitrary URLs specified in $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. An attacker can leverage this to trigger Denial of Service (DoS) attacks by causing the server to read large files. Furthermore, Server-Side Request Forgery (SSRF) becomes possible if internal, unprotected APIs are accessible via HTTP POST requests, potentially escalating to Remote Code Execution. This represents a severe compromise, allowing attackers to gain complete control over the MediaWiki server.
CVE-2025-53371 was publicly disclosed on 2025-07-10. Currently, there are no known public proof-of-concept exploits. The vulnerability's criticality (CVSS 9.1) and potential for RCE suggest a high probability of exploitation if left unpatched. It is not currently listed on CISA KEV.
MediaWiki installations utilizing the DiscordNotifications extension are at risk, particularly those with publicly accessible webhooks or those lacking robust input validation. Shared hosting environments where multiple MediaWiki instances share resources are also at increased risk, as a compromise of one instance could potentially impact others.
• php: Examine MediaWiki configuration files for unusual or externally-facing URLs in $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls.
<?php
// Check the configured Discord webhook URLs for hosts that are not Discord's.
// Assumes LocalSettings.php (and with it the $wgDiscord* variables) is already loaded.
$urls = array_merge( [ $wgDiscordIncomingWebhookUrl ?? '' ], (array)( $wgDiscordAdditionalIncomingWebhookUrls ?? [] ) );
foreach ( array_filter( $urls ) as $url ) {
    $host = strtolower( (string)parse_url( $url, PHP_URL_HOST ) );
    if ( !in_array( $host, [ 'discord.com', 'discordapp.com' ], true ) ) {
        echo "Unexpected webhook URL in configuration: $url\n";
    }
}
?>
• generic web: Monitor access logs for requests to unusual or unexpected URLs originating from the MediaWiki server.
• generic web: Check response headers for signs of SSRF attempts (e.g., unexpected server names or IP addresses).
disclosure
Exploit status
EPSS
0.06% (percentile 17%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-53371 is to immediately upgrade the DiscordNotifications extension to a release that includes fix commit 1f20d850cbcce5b15951c7c6127b87b927a5415e. If upgrading is not immediately feasible, consider temporarily disabling the DiscordNotifications extension. As a secondary measure, implement strict input validation and sanitization for the $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls configuration variables to prevent malicious URL injection. Review and restrict network access to internal APIs to prevent SSRF exploitation. After upgrading, confirm the fix by attempting to trigger a notification with a URL pointing to a non-existent resource; the server should not attempt to access the resource.
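The input validation and restricted request handling recommended above, as an added PHP example (not the extension's own code; the function names, the Discord host allowlist and the webhook path pattern are assumptions): the validator accepts only HTTPS Discord webhook URLs, and the sender passes curl options that refuse redirects, non-HTTPS schemes and oversized responses.

```php
<?php
// Added example (not the extension's code): allowlist-validate a configured webhook
// URL before it reaches curl, then send with options that limit what curl may do.
const DISCORD_WEBHOOK_HOSTS = ['discord.com', 'discordapp.com'];   // assumed allowlist

/** Returns true only for https://discord.com/api/webhooks/<id>/<token> style URLs. */
function isValidDiscordWebhookUrl(string $url): bool {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false;                      // file:///etc/passwd has no host -> rejected
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false;                      // blocks file://, gopher://, plain http://
    }
    if (!in_array(strtolower($parts['host']), DISCORD_WEBHOOK_HOSTS, true)) {
        return false;                      // blocks internal hostnames and raw IPs
    }
    if (isset($parts['user']) || isset($parts['port'])) {
        return false;                      // no user@host tricks, no custom ports
    }
    return (bool) preg_match('#^/api/webhooks/\d+/[A-Za-z0-9_-]+$#', $parts['path']);
}

/** Posts a JSON payload to a validated webhook; returns the HTTP status, null on refusal/error. */
function sendDiscordNotification(string $url, array $payload): ?int {
    if (!isValidDiscordWebhookUrl($url)) {
        error_log("Refusing to post to non-Discord webhook URL: $url");
        return null;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => json_encode($payload),
        CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,            // a redirect cannot steer the request elsewhere
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,  // curl itself refuses any other scheme
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_MAXFILESIZE    => 1024 * 1024,      // response size cap (honoured when Content-Length is sent)
    ]);
    curl_exec($ch);
    $status = curl_errno($ch) ? null : (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    return $status;
}

// Constructed inputs: the first passes validation, the second is refused.
var_dump(isValidDiscordWebhookUrl('https://discord.com/api/webhooks/123/abc_DEF-9'));  // bool(true)
var_dump(isValidDiscordWebhookUrl('http://127.0.0.1:8080/internal/api'));              // bool(false)
```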
Update the DiscordNotifications extension to the version that includes the fix from commit 1f20d850cbcce5b15951c7c6127b87b927a5415e. This removes the possibility of DoS, SSRF and possible RCE attacks. Check the release notes for additional details on the update.
CVE-2025-53371 is a critical Remote Code Execution vulnerability in the DiscordNotifications extension for MediaWiki, allowing attackers to execute arbitrary code via manipulated URLs.
You are affected if you are using DiscordNotifications for MediaWiki in a version prior to commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.
Upgrade the DiscordNotifications extension to a release that includes commit 1f20d850cbcce5b15951c7c6127b87b927a5415e. Temporarily disable the extension if upgrading is not immediately possible.
There are currently no known public exploits, but the high CVSS score suggests a potential for exploitation.
Refer to the MediaWiki security advisories page for the latest information and updates regarding CVE-2025-53371.