CVE-2025-53625
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| universal-omega | dynamicpagelist3 | 3.6.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the DynamicPageList3 extension for MediaWiki, which is a reporting tool that lists category members and intersections. Certain parameters (#dpl) in this extension can leak usernames that were intended to be hidden through revision deletion, suppression, or the hideuser block flag. This means that usernames that should remain confidential can be exposed unintentionally.
How can this vulnerability impact me? :
The vulnerability can lead to unintended disclosure of usernames that were meant to be hidden. This could compromise user privacy and potentially expose sensitive user information, which might be exploited for further attacks or misuse.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in DynamicPageList3 extension version 3.6.4. Immediate mitigation is to upgrade the DynamicPageList3 extension to version 3.6.4 or later.