Sensitive Information Exposure in Wikimedia Foundation Mediawiki CentralAuth Extension
CVE-2025-62669

6.9MEDIUM

Key Information:

Vendor

The Wikimedia Foundation

Status
Mediawiki - Centralauth Extension
Vendor
CVE Published:
18 October 2025

What is CVE-2025-62669?

A vulnerability in the Wikimedia Foundation's Mediawiki - CentralAuth Extension allows unauthorized access to sensitive information due to resource leak exposure. This issue affects versions of the extension prior to 1.39, potentially leading to data leakage and compromise of user privacy.

Affected Version(s)

Mediawiki - CentralAuth Extension master < 1.39

References

https://phabricator.wikimedia.org/T400892
https://gerrit.wikimedia.org/r/q/I15b14cbff28ba769e72e4d0...

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dom_walden
mszabo
JSON
.
CVE-2025-62669 : Sensitive Information Exposure in Wikimedia Foundation Mediawiki CentralAuth Extension