CVE-2025-67482 in Scribunto

Summary

by MITRE • 02/03/2026

A vulnerability in Wikimedia Foundation Scribunto and Wikimedia Foundation luasandbox. It is associated with the program files includes/Engines/LuaCommon/lualib/mwInit.Lua and library.C.

This issue affects Scribunto versions before 1.39.16, 1.43.6, 1.44.3 and 1.45.1 (the fixed release in each affected release branch), and luasandbox versions before commit fea2304f8f6ab30314369a612f4f5b165e68e95a.
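The affected-version list above is easiest to apply with a small triage helper. The script below is an added example, not VulDB's or Wikimedia's code; it assumes the list is read per release branch (1.39.x fixed at 1.39.16, 1.43.x at 1.43.6, 1.44.x at 1.44.3, and every other branch fixed only from 1.45.1 onward) and that the version string is whatever your installation reports, optionally with a leading "v" or a suffix.

```python
"""Triage helper: does an installed Scribunto version fall inside the
affected ranges listed for CVE-2025-67482?

Added example, not VulDB's or Wikimedia's code. Assumption: the record's
"before 1.39.16, 1.43.6, 1.44.3, 1.45.1" is read per release branch, and
branches without a listed fix (e.g. 1.40-1.42) count as affected until
1.45.1.
"""
import re

# Fixed release for each branch that received a backported fix.
FIXED_RELEASES = {
    (1, 39): (1, 39, 16),
    (1, 43): (1, 43, 6),
    (1, 44): (1, 44, 3),
}
# Fix for the current branch; anything not covered above is compared to it.
LATEST_FIX = (1, 45, 1)


def parse_version(text):
    """Turn '1.43.5', 'v1.44.3' or '1.39.16-wmf.2' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text):
    """True if the given version is older than its branch's fixed release."""
    v = parse_version(version_text)
    branch_fix = FIXED_RELEASES.get(v[:2])
    if branch_fix is not None:
        return v < branch_fix
    return v < LATEST_FIX


def triage(versions):
    """Map each version string in an inventory to its affected/not-affected verdict."""
    return {v: is_affected(v) for v in versions}


if __name__ == "__main__":
    # Constructed inventory of version strings, not real hosts.
    for version, hit in triage(["1.39.15", "1.39.16", "1.41.1", "1.44.3", "1.45.0"]).items():
        print(f"{version:>8}: {'AFFECTED' if hit else 'fixed'}")
```

Feed it the version strings from your inventory; anything reported as affected should be on the patch list, and unsupported branches between the listed ones are deliberately treated as affected rather than ignored.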


Analysis

by VulDB Data Team • 02/04/2026

CVE-2025-67482 is a critical security flaw in the Wikimedia Foundation Scribunto extension and the luasandbox library it relies on. The issue lies in the program file includes/Engines/LuaCommon/lualib/mwInit.Lua and the library.C implementation. It affects several Scribunto release branches, namely versions before 1.39.16, 1.43.6, 1.44.3 and 1.45.1, as well as luasandbox versions before commit fea2304f8f6ab30314369a612f4f5b165e68e95a. This is a significant concern for Wikimedia platforms that rely on Lua-based sandboxed execution for user-generated content and template processing.

The flaw stems from insufficient input validation and sanitization in the mwInit.Lua initialization module, which processes and executes Lua code inside the sandbox. It opens the way for code injection attacks that could bypass the security boundaries the luasandbox implementation is meant to enforce. The weakness lies in the interaction between Scribunto's Lua execution engine and the underlying luasandbox library, creating a path for malicious actors to run arbitrary code within the restricted environment. It falls under CWE-74, Improper Neutralization of Special Elements in Output Used by a Downstream Component, and more specifically aligns with CWE-94 for Uncontrolled Resource Consumption, since it could lead to resource exhaustion attacks.

The operational impact extends to every Wikimedia project that uses Scribunto for Lua-based template processing and content generation. Attackers could exploit the flaw to run unauthorized code inside the sandbox, potentially leading to data theft, service disruption, or further escalation against the underlying infrastructure. Because the vulnerability is present in several release branches, the risk is spread across many platform versions, which makes it particularly dangerous for organizations that maintain multiple service versions. The issue directly undermines the least-privilege and code-isolation guarantees the luasandbox is designed to enforce, potentially letting attackers reach restricted system resources or execute commands beyond the intended sandbox boundary.

Mitigation for CVE-2025-67482 should prioritize immediate patching of all affected Scribunto and luasandbox installations to the fixed versions. Organizations should monitor for suspicious code execution patterns and for unauthorized modifications to mwInit.Lua and related components. The ATT&CK framework categorizes this vulnerability under T1059.007 for Command and Scripting Interpreter: Lua, so defensive measures should include runtime monitoring for anomalous Lua execution. Further protective measures include strict file integrity monitoring of the affected library.C and mwInit.Lua components, restricting write permissions on these files, and a thorough security audit of all user-generated templates and Lua code. Network segmentation and application firewalls should limit access to the affected systems, and incident response procedures should be updated to cover exploitation attempts against this vulnerability. Automated patch management helps ensure rapid deployment of security updates across all affected Wikimedia platform installations.
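The file integrity monitoring and write-permission checks recommended above can be implemented with a short baseline-and-compare routine. The script below is an added example, not VulDB's or Wikimedia's tooling; it takes the two relative paths named in the advisory, assumes an install root you point it at, and constructs throwaway sample files in a temporary directory so it runs offline.

```python
"""File-integrity baseline for the Scribunto/luasandbox files named in the
advisory. Added example, not VulDB's or Wikimedia's code.

Builds a SHA-256 baseline of the watched paths, re-checks it later, and
reports files that changed, went missing, or are writable by group/others.
The demo() scenario uses constructed files in a temporary directory; in
production, pass the real extension/library install root.
"""
import hashlib
import os
import stat
import tempfile

# Relative paths taken from the advisory; the install root is an assumption.
WATCHED_FILES = [
    "includes/Engines/LuaCommon/lualib/mwInit.Lua",
    "library.C",
]


def sha256_of(path):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, rel_paths=WATCHED_FILES):
    """Map each watched path to its SHA-256 digest (None if the file is absent)."""
    baseline = {}
    for rel in rel_paths:
        full = os.path.join(root, rel)
        baseline[rel] = sha256_of(full) if os.path.isfile(full) else None
    return baseline


def check_integrity(root, baseline):
    """Compare the current on-disk state with a baseline; return findings by category."""
    findings = {"changed": [], "missing": [], "loose_permissions": []}
    for rel, expected in baseline.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            if expected is not None:
                findings["missing"].append(rel)
            continue
        # A file that appeared since the baseline (expected None) is also flagged.
        if sha256_of(full) != expected:
            findings["changed"].append(rel)
        mode = os.stat(full).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings["loose_permissions"].append(rel)
    return findings


def demo():
    """Constructed scenario: take a baseline, tamper with mwInit.Lua, re-check."""
    with tempfile.TemporaryDirectory() as root:
        for rel in WATCHED_FILES:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as f:
                f.write("-- constructed placeholder content\n")
            os.chmod(full, 0o644)
        baseline = build_baseline(root)
        clean = check_integrity(root, baseline)
        # Simulate an unauthorised edit plus a loosened permission on one file.
        target = os.path.join(root, WATCHED_FILES[0])
        with open(target, "a") as f:
            f.write("-- appended line\n")
        os.chmod(target, 0o666)
        tampered = check_integrity(root, baseline)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean run:   ", before)
    print("after tamper:", after)
```

Run build_baseline once right after patching, store the result somewhere the web server cannot write, and schedule check_integrity; any non-empty "changed" or "missing" list on these files is worth an incident ticket rather than a silent re-baseline.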
