{
  "threat_severity" : "Moderate",
  "public_date" : "2026-02-03T01:24:56Z",
  "bugzilla" : {
    "description" : "MediaWiki: Vulnerability in ApiFormatXml.php requiring high privileges",
    "id" : "2436190",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2436190"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-79",
  "details" : [ "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with the program file includes/Api/ApiFormatXml.php.\nThis issue affects MediaWiki versions before 1.39.16, 1.43.6, 1.44.3, and 1.45.1.", "A cross-site scripting flaw (CWE-79) was found in MediaWiki, in the includes/Api/ApiFormatXml.php file. Exploiting it requires an attacker who already holds high privileges on the wiki (CVSS PR:H)." ],
  "statement" : "This vulnerability in MediaWiki allows administrators who are not interface administrators to execute JavaScript through the Action API's XSLT option. The impact is confined to the MediaWiki application, requiring an authenticated administrator account for exploitation. Red Hat deployments of MediaWiki are affected if the application is configured to allow such administrative roles.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-67484\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-67484\nhttps://phabricator.wikimedia.org/T401995" ],
  "name" : "CVE-2025-67484",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}