CVE-2025-53371
Published: 10 July 2025
Summary
CVE-2025-53371 is a critical-severity Uncontrolled Resource Consumption (CWE-400) vulnerability that also enables Server-Side Request Forgery (CWE-918). Its CVSS v3.1 base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 44.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).
Deeper analysis
CVE-2025-53371 affects the DiscordNotifications extension for MediaWiki, which sends notifications of wiki actions to Discord channels. The extension passes the URLs configured in $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls straight to curl or file_get_contents without validating them, so whatever host those settings name receives an HTTP POST from the wiki server. Two consequences follow. Pointing a URL at a server that returns a very large response forces the wiki to read it, exhausting resources (denial of service). Pointing a URL at an internal service is server-side request forgery (SSRF); if an unprotected internal API accepts HTTP POST requests, the advisory notes this could possibly lead to remote code execution (RCE). The issue is classified as CWE-400 (Uncontrolled Resource Consumption) and CWE-918 (Server-Side Request Forgery) and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).
The CVSS vector records a network attack surface, low privileges, and no user interaction. The privilege that matters is the ability to set those webhook URLs: ordinary users who merely trigger notifications cannot choose the destination, because the URLs come from configuration. The realistic attacker is therefore whoever can change the extension's settings without being the server operator; on a wiki farm where extension configuration is delegated that may be a wiki administrator, which is an inference from the vector rather than a statement in the advisory. With that control, they can direct the server to fetch and process a large remote response, causing resource exhaustion, or aim requests at internal services, which may expose data and, where an internal API accepting POST requests is itself vulnerable, escalate to RCE.
The fix is commit 1f20d850cbcce5b15951c7c6127b87b927a5415e in the miraheze/DiscordNotifications repository. Operators should deploy a build that includes that commit, audit $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls so they name only trusted Discord endpoints, and restrict who can change those settings. Details are in the GitHub security advisory GHSA-gvfx-p3h5-qf65.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21013
Vulnerability details
DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.
- CWE(s): CWE-400 (Uncontrolled Resource Consumption), CWE-918 (Server-Side Request Forgery)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An SSRF and resource-exhaustion flaw in a public-facing MediaWiki extension maps to T1190 (Exploit Public-Facing Application) for the initial request and to T1499 (Endpoint Denial of Service) for the large-file fetches; abuse of unprotected internal APIs over HTTP POST is the path the advisory describes as possibly leading to RCE.
Affected Assets
- DiscordNotifications extension for MediaWiki (miraheze/DiscordNotifications), builds without fix commit 1f20d850cbcce5b15951c7c6127b87b927a5415e
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): updating to a build that contains fix commit 1f20d850 removes both the DoS via large file reads and the SSRF to internal APIs.
- Webhook URL validation: checking the URLs taken from configuration before handing them to curl or file_get_contents (scheme, allowlisted host, no private or loopback addresses) blocks SSRF to unprotected internal APIs and stops the server from being pointed at a host that serves a huge response.
- SC-5 (Denial-of-service Protection): bounding what a single notification request may consume (timeouts and a cap on the response size read) limits the resource exhaustion that repeated notification-triggered fetches of large remote files would otherwise cause.
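The URL validation and resource limits described under the controls above, together with the configuration review recommended in the Deeper analysis section, as an added PHP example. This is not the extension's code and not Miraheze's fix commit; the function names, the constants, the Discord host allowlist, the size and time limits, and the assumed `/api/webhooks/` path prefix are all choices made for illustration.

```php
<?php
// Added example, not DiscordNotifications code. Shows one way to validate a
// configured webhook URL and to bound the request that is then sent to it.
declare(strict_types=1);

const WEBHOOK_MAX_RESPONSE_BYTES = 64 * 1024;   // assumption: a webhook reply never needs more
const WEBHOOK_TIMEOUT_SECONDS    = 5;           // assumption: short enough not to tie up PHP workers
const WEBHOOK_ALLOWED_HOSTS      = ['discord.com', 'discordapp.com']; // assumed allowlist

/**
 * Returns null when $url is acceptable, otherwise a human-readable reason.
 * Checks: https only, no userinfo, default port, allowlisted host, a webhook
 * path, and every resolved address public (no loopback, RFC 1918, link-local).
 */
function validateWebhookUrl(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return 'unparseable URL';
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return 'scheme must be https';
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return 'userinfo is not allowed';
    }
    if (isset($parts['port']) && $parts['port'] !== 443) {
        return 'non-standard port';
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    if (!in_array($host, WEBHOOK_ALLOWED_HOSTS, true)) {
        return "host $host is not on the allowlist";
    }
    if (strpos($parts['path'] ?? '', '/api/webhooks/') !== 0) {   // assumed path prefix
        return 'path is not a webhook path';
    }
    // Even an allowlisted name is resolved and checked, so a tampered resolver
    // cannot turn the allowlist into a route to an internal address.
    $records = @dns_get_record($host, DNS_A | DNS_AAAA);
    if (!$records) {
        return 'host did not resolve';
    }
    foreach ($records as $r) {
        $ip = $r['ip'] ?? $r['ipv6'] ?? null;
        if ($ip === null || filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return 'host resolves to a non-public address';
        }
    }
    return null;
}

/**
 * POSTs a JSON payload to a validated webhook with strict transport limits:
 * no redirects, https only, short timeouts, and a hard cap on the bytes read,
 * so a hostile endpoint cannot make the wiki consume an unbounded response.
 */
function sendWebhook(string $url, array $payload): bool {
    $reason = validateWebhookUrl($url);
    if ($reason !== null) {
        error_log("DiscordNotifications: refusing webhook URL ($reason)");
        return false;
    }
    $received = 0;
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => json_encode($payload, JSON_THROW_ON_ERROR),
        CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
        CURLOPT_FOLLOWLOCATION => false,              // a 30x must not redirect us onto another host
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,    // no file://, gopher://, etc.
        CURLOPT_CONNECTTIMEOUT => WEBHOOK_TIMEOUT_SECONDS,
        CURLOPT_TIMEOUT        => WEBHOOK_TIMEOUT_SECONDS,
        CURLOPT_MAXFILESIZE    => WEBHOOK_MAX_RESPONSE_BYTES, // only honoured when Content-Length is sent
        // The write callback enforces the cap on bytes actually received:
        // returning fewer bytes than offered aborts the transfer.
        CURLOPT_WRITEFUNCTION  => function ($ch, string $chunk) use (&$received): int {
            $received += strlen($chunk);
            return $received > WEBHOOK_MAX_RESPONSE_BYTES ? 0 : strlen($chunk);
        },
    ]);
    $ok     = curl_exec($ch) !== false;
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    return $ok && $status >= 200 && $status < 300;
}

// Usage: run the same check over both configuration variables before any send.
// $urls = array_merge([$wgDiscordIncomingWebhookUrl], $wgDiscordAdditionalIncomingWebhookUrls);
// foreach ($urls as $u) { sendWebhook($u, ['content' => 'Page edited']); }
```

Two caveats a reviewer would raise. The resolve-then-connect check still leaves a time-of-check/time-of-use gap against DNS rebinding; pinning the checked address with CURLOPT_RESOLVE closes it. And CURLOPT_MAXFILESIZE only helps when the server announces a Content-Length, which is why the write callback enforces the cap on the bytes actually received. The validation should also run when the setting is saved, not only when a notification fires, so that a rejected URL is reported to the administrator who configured it rather than silently dropped later.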