CWE-778
Insufficient Logging
When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.
CVE-2025-53498 (GCVE-0-2025-53498)
Vulnerability from cvelistv5
Published
2025-07-07 18:35
Modified
2025-07-08 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-778 - Insufficient Logging
Summary
Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Wikimedia Foundation | Mediawiki - AbuseFilter Extension |
Version: 1.43.x ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53498",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T15:31:35.755560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:35:51.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://phabricator.wikimedia.org/T397221"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mediawiki - AbuseFilter Extension",
"vendor": "Wikimedia Foundation",
"versions": [
{
"lessThan": "1.43.2",
"status": "affected",
"version": "1.43.x",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dreamy Jazz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks.\u003cp\u003eThis issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.\u003c/p\u003e"
}
],
"value": "Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2."
}
],
"impacts": [
{
"capecId": "CAPEC-118",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-118: Data Leakage Attacks"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778: Insufficient Logging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T20:07:39.308Z",
"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"shortName": "wikimedia-foundation"
},
"references": [
{
"url": "https://phabricator.wikimedia.org/T397221"
},
{
"url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1166844"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lack of Audit Logging in AbuseFilter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"assignerShortName": "wikimedia-foundation",
"cveId": "CVE-2025-53498",
"datePublished": "2025-07-07T18:35:48.826Z",
"dateReserved": "2025-06-30T15:36:41.720Z",
"dateUpdated": "2025-07-08T20:07:39.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66552 (GCVE-0-2025-66552)
Vulnerability from cvelistv5
Published
2025-12-05 16:36
Modified
2025-12-05 18:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-778 - Insufficient Logging
Summary
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nextcloud | security-advisories |
Version: >= 32.0.0beta1, < 32.0.1 Version: < 31.0.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T18:24:11.355947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T18:25:06.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 32.0.0beta1, \u003c 32.0.1"
},
{
"status": "affected",
"version": "\u003c 31.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778: Insufficient Logging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:36:39.749Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ww9m-f8j4-jj9x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-ww9m-f8j4-jj9x"
},
{
"name": "https://github.com/nextcloud/server/pull/50992",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/pull/50992"
},
{
"name": "https://github.com/nextcloud/server/commit/7cc005c43c72bc384848cf8cb851895827c412f6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/server/commit/7cc005c43c72bc384848cf8cb851895827c412f6"
},
{
"name": "https://hackerone.com/reports/2890071",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2890071"
}
],
"source": {
"advisory": "GHSA-ww9m-f8j4-jj9x",
"discovery": "UNKNOWN"
},
"title": "Nextcloud Server admin_audit does not log all actions on files in groupfolders"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66552",
"datePublished": "2025-12-05T16:36:39.749Z",
"dateReserved": "2025-12-04T15:57:22.034Z",
"dateUpdated": "2025-12-05T18:25:06.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Use a centralized logging mechanism that supports multiple levels of detail.
Mitigation
Phase: Implementation
Description:
- Ensure that all security-related successes and failures can be logged. When storing data in the cloud (e.g., AWS S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to enable and capture detailed logging information.
Mitigation
Phase: Operation
Description:
- Be sure to set the level of logging appropriately in a production environment. Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks. At the same time, logging too much data (CWE-779) can cause the same problems, including unexpected costs when using a cloud environment.
Mitigation
Phase: Operation
Description:
- To enable storage logging using Azure's Portal, navigate to the name of the Storage Account, locate Monitoring (CLASSIC) section, and select Diagnostic settings (classic). For each of the various properties (blob, file, table, queue), ensure the status is properly set for the desired logging data. If using PowerShell, the Set-AzStorageServiceLoggingProperty command could be called using appropriate -ServiceType, -LoggingOperations, and -RetentionDays arguments.
No CAPEC attack patterns related to this CWE.