Sensitive Information Exposure in MediaWiki by Wikimedia Foundation
CVE-2025-6590

4.6MEDIUM

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki
Vendor: CVE Published:; 2 February 2026

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2025-6590?

A vulnerability in Wikimedia Foundation's MediaWiki allows unauthorized actors to access sensitive information through a flaw in the program files, specifically in includes/htmlform/fields/HTMLUserTextField.php. This issue potentially exposes user data and could lead to privacy violations. Users are encouraged to review their MediaWiki installations to ensure they are not using affected versions ranging from unspecified versions to 1.44.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MediaWiki * <= 1.39.12, 1.42.76 1.43.1, 1.44.0

References

https://phabricator.wikimedia.org/T392746

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Jun 24, 2025

JSON

Wikimedia Foundation