Cyber Resilience

CVE-2025-53371

Severity: Critical · Tags: DDoS

Published: 10 July 2025
Modified: 15 April 2026
CVSS v3.1 Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H)
EPSS Score: 0.0022 (44.1th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-53371 is a critical-severity Uncontrolled Resource Consumption (CWE-400) vulnerability. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 44.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2025-53371 affects the DiscordNotifications extension for MediaWiki, which sends notifications of wiki actions to Discord channels. The vulnerability stems from the extension's use of curl and file_get_contents to send requests to arbitrary URLs specified in the $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls configuration variables. This improper handling enables denial-of-service (DoS) attacks by forcing the server to read large files and server-side request forgery (SSRF) if internal unprotected APIs are accessible via HTTP POST requests, potentially leading to remote code execution (RCE). The issue is associated with CWE-400 (Uncontrolled Resource Consumption) and CWE-918 (Server-Side Request Forgery) and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).

An attacker with low privileges, such as an authenticated wiki user capable of triggering notifications, can exploit this over the network with no user interaction required. By manipulating the configured webhook URLs, they can direct the server to fetch and process large remote files, causing resource exhaustion and DoS. SSRF allows requests to internal services, which could expose sensitive data or, in configurations with vulnerable internal APIs accepting POST requests, escalate to RCE.

The vulnerability is addressed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e of the miraheze/DiscordNotifications repository. Security practitioners should update to this fixed version and review webhook URL configurations to ensure they point only to trusted endpoints, as detailed in the GitHub security advisory GHSA-gvfx-p3h5-qf65.

Vulnerability details

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and $wgDiscordAdditionalIncomingWebhookUrls. This allows for DOS by causing the server to read large files. SSRF is also possible if there are internal unprotected APIs that can be accessed using HTTP POST requests, which could also possibly lead to RCE. This vulnerability is fixed in commit 1f20d850cbcce5b15951c7c6127b87b927a5415e.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.003 Application Exhaustion Flood (Impact)
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

SSRF + resource exhaustion in public-facing MediaWiki extension directly enables T1190 exploitation and T1499 DoS variants via large-file fetches or internal API abuse leading to RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Mitigating Controls (NIST 800-53 r5)

Prevent: Timely flaw remediation patches the DiscordNotifications extension vulnerability fixed in commit 1f20d850, comprehensively preventing DoS via large file reads and SSRF to internal APIs.

Prevent: Validates webhook URLs from configuration before using curl or file_get_contents, mitigating SSRF to unprotected internal APIs and DoS from malicious large files.

Prevent: Implements denial-of-service protections to limit resource consumption and exhaustion from repeated notification-triggered fetches of large remote files.
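The two controls above (validating the configured webhook URLs, and bounding what a notification fetch may consume) can be combined in one send path. The following is an added illustration written for this page, not DiscordNotifications' own code or its actual fix; the allowlisted hosts, path prefix and size/time limits are assumptions chosen for the example, and it targets PHP 8.

```php
<?php
// Added example, not DiscordNotifications' own code. Gate every configured
// webhook URL through an allowlist before curl touches it, and cap the
// response body. Allowlisted hosts, path prefix and limits are assumptions.
const ALLOWED_WEBHOOK_HOSTS = ['discord.com', 'discordapp.com'];
const MAX_RESPONSE_BYTES = 65536; // a webhook acknowledgement is tiny

function isTrustedWebhookUrl(string $url): bool {
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'], $p['path'])) {
        return false;
    }
    // https only, allowlisted host only, webhook path only; no userinfo or
    // explicit port, which could otherwise steer the request elsewhere.
    return strtolower($p['scheme']) === 'https'
        && in_array(strtolower($p['host']), ALLOWED_WEBHOOK_HOSTS, true)
        && !isset($p['user']) && !isset($p['pass']) && !isset($p['port'])
        && str_starts_with($p['path'], '/api/webhooks/');
}

function postWebhook(string $url, array $payload): bool {
    if (!isTrustedWebhookUrl($url)) {
        throw new InvalidArgumentException('Refusing untrusted webhook URL: ' . $url);
    }
    $received = 0;
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => json_encode($payload),
        CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // no file://, gopher://, ...
        CURLOPT_FOLLOWLOCATION => false,           // a redirect cannot retarget us
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        // Returning fewer bytes than received aborts the transfer, so an oversized
        // reply is never buffered into memory.
        CURLOPT_WRITEFUNCTION  => function ($ch, string $chunk) use (&$received): int {
            $received += strlen($chunk);
            return $received > MAX_RESPONSE_BYTES ? 0 : strlen($chunk);
        },
    ]);
    $ok = curl_exec($ch) !== false;
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    return $ok && $status >= 200 && $status < 300;
}

// Constructed values: the first passes validation, the second is rejected.
assert(isTrustedWebhookUrl('https://discord.com/api/webhooks/123/abc'));
assert(!isTrustedWebhookUrl('http://127.0.0.1:8080/internal/admin'));
```

Routing every send through this curl path also retires the file_get_contents call, whose stream wrappers accept file:// and php:// targets that the CURLPROTO_HTTPS restriction never sees.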
