CVE 6.9 MEDIUM

UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks_CVE-2025-62669

October 18, 2025 invoker category_cve
6.9 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects Mediawiki - CentralAuth Extension: from master before 1.39.

Basic Information

ID CVE-2025-62669
Source wikimedia-foundation
Published Oct 18, 2025 at 04:34

Affected Product

Vendor The Wikimedia Foundation
Product Mediawiki - CentralAuth Extension
Version master
Affected Versions The Wikimedia Foundation Mediawiki - CentralAuth Extension master

CWE Classification

CWE-200

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.