Vulnerability Description
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.
Related Weaknesses (CWE)
References
- https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29
- https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pg
- https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pg
FAQ
What is CVE-2025-53625?
CVE-2025-53625 is a documented vulnerability. The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been...
How severe is CVE-2025-53625?
CVSS scoring is not yet available for CVE-2025-53625. Check NVD for updates.
Is there a patch for CVE-2025-53625?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.