CVE-2025-61766
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-06

Last updated on: 2025-10-08

Assigner: GitHub, Inc.

Description
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit exceeding, and/or increased memory consumption, potentially leading to a denial of service. Version 1.0.0 contains a patch for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-06
Last Modified
2025-10-08
Generated
2026-06-16
AI Q&A
2025-10-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61766
EUVD
EUVD-2025-33188
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
weirdgloop mediawiki-extensions-bucket *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the MediaWiki extension 'Bucket' prior to version 1.0.0 when a user queries a repeated field using the '!=' operator. The code triggers infinite recursion between two internal functions, causing PHP's call stack or memory limits to be exceeded. This results in a denial of service by making the page inaccessible. The issue is due to uncontrolled recursion in the code handling the '!=' operator on repeated fields. [1]

Impact Analysis

The vulnerability can lead to a denial of service (DoS) condition by exhausting PHP's call stack or memory resources when a crafted query using the '!=' operator on repeated fields is executed. This can make the affected MediaWiki pages inaccessible, disrupting availability of the service. [1]

Detection Guidance

This vulnerability can be detected by monitoring for PHP errors or crashes related to call stack limits or excessive memory consumption when queries using the '!=' operator on repeated fields in the Bucket extension are executed. Specifically, you can look for logs indicating PHP fatal errors due to maximum function nesting level or memory exhaustion. Additionally, testing with Lua module queries such as `bucket('test').select('testfield').where('testfield', '!=', 'abc').run()` on a system running a vulnerable version (prior to 1.0.0) can reproduce the issue. There are no specific network commands provided, but checking MediaWiki logs and PHP error logs for such symptoms is recommended. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the MediaWiki Bucket extension to version 1.0.0 or later, which contains the patch fixing the infinite recursion issue. If upgrading is not immediately possible, avoid using the '!=' comparator on repeated fields in Bucket queries to prevent triggering the recursion. Monitoring and restricting user queries that use this operator can also help mitigate the risk until the patch is applied. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61766. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart