Vulnerability Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the CheckUser tool to log the wrong IP and User-Agent making these edits un-auditable via the CheckUser tool.This issue affects Mediawiki - Translate Extension: from master before 1.39.
Related Weaknesses (CWE)
References
- https://gerrit.wikimedia.org/r/q/I65c740c8ca5130b40463d687e2f0775951abbf22
- https://gerrit.wikimedia.org/r/q/Idac164418362c65d0ad37055fe9e0ad134197da3
- https://phabricator.wikimedia.org/T399627
FAQ
What is CVE-2025-62699?
CVE-2025-62699 is a documented vulnerability. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to mak...
How severe is CVE-2025-62699?
CVSS scoring is not yet available for CVE-2025-62699. Check NVD for updates.
Is there a patch for CVE-2025-62699?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.