CVE-2025-53485

{"id": "CVE-2025-53485", "cveTags": [], "metrics": {}, "published": "2025-07-04T18:15:23.497", "references": [{"url": "https://gerrit.wikimedia.org/r/149668", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}, {"url": "https://phabricator.wikimedia.org/T392341", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing.\n\n\n\n\nThis issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2."}], "lastModified": "2025-07-04T18:15:23.497", "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}