Insertion of Sensitive Information Into Sent Data

CVE-2025-67476

Low

1.3/10

Summary

Vulnerability lies in the Wikimedia Foundation MediaWiki. This vulnerability is associated with the program files "includes/Import/ImportableOldRevisionImporter.Php". This issue affects MediaWiki versions prior to 1.44.3 and 1.45.x prior to 1.45.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-201 - Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

Advisory

Advisory Timeline

Published Feb 03, 2026

Insertion of Sensitive Information Into Sent Data

CVE-2025-67476

Summary

CWE-201 - Insertion of Sensitive Information Into Sent Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS