CVE-2025-32700: 
Linux Debian vulnerability analysis and mitigation

The vulnerability identified as CVE-2025-32700 is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability affecting Wikimedia Foundation's AbuseFilter. The issue was discovered in AbuseFilter versions from 1.43.0 before 1.43.1, specifically impacting multiple program files including QueryAbuseLog.Php, AbuseLogPager.Php, SpecialAbuseLog.Php, and AbuseFilterViewExamine.Php. The vulnerability was disclosed on April 10, 2025 (NVD Database).

The vulnerability has been assigned CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). According to the CVSS 4.0 scoring system, it received a CVSS-B score of 2.3 (LOW) with the vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/RE:M/U:Green (NVD Database).

The vulnerability allows unauthorized actors to access sensitive information through the AbuseFilter component. The impact is considered LOW based on the CVSS score, with limited potential for confidentiality breach (NVD Database).

The vulnerability has been addressed in AbuseFilter version 1.43.1. Users are advised to upgrade to this version or later to mitigate the security risk. The fix has been included in various distribution updates, including Debian's security update DSA 5901-1 (Debian Security).