CVE-2025-62668

Insufficient permission checks in action=growthsetmentor

Description

Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.

INFO

Published Date :

2025-10-18T04:39:28.390Z

Last Modified :

2025-10-20T16:27:08.378Z

Source :

wikimedia-foundation

AFFECTED PRODUCTS

The following products are affected by CVE-2025-62668 vulnerability.

Vendors	Products
Mediawiki	Mediawiki

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62668.

URL	Resource
https://gerrit.wikimedia.org/r/q/I29a18dbbaf7e2ce2a713233dbc6880032fec3628
https://phabricator.wikimedia.org/T402600

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability