CVE-2025-32068

CVE-2025-32068: Revoking authorization of OAuth2 consumer does not invalidate refresh tokens

Vendor: The Wikimedia Foundation
Product: Mediawiki - OAuth Extension
Weakness: CWE-863 · Incorrect authorization
Published: April 11, 2025
Last update: July 7, 2025

What the vulnerability does

01 Description

Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass. This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43.

Key dates

02 Disclosure timeline

April 11, 2025: CVE published
July 7, 2025: Record updated