What is the CVSS score of CVE-2025-53625?

CVE-2025-53625 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N. EPSS exploitation probability: 0.0%.

Which versions of Mediawiki are affected by CVE-2025-53625?

A vulnerability in the DynamicPageList3 MediaWiki extension allows unauthorized disclosure of hidden usernames, potentially exposing identities of users that your organization has deliberately…. A patch is available.

How to fix or mitigate CVE-2025-53625?

Within 24 hours: identify all MediaWiki instances running DynamicPageList3 and document the current version; assess whether the extension is actively used and what data sensitivity exists. Within 7 days: disable the DynamicPageList3 extension as an interim measure, or severely restrict access to #dpl parameters that can leak usernames; document any operational impact. Within 30 days: monitor for vendor release of patch version 3.6.4 or later and plan immediate deployment; evaluate alternative reporting solutions if the extension cannot be safely re-enabled.

Mediawiki CVE-2025-53625

EUVD-2025-21047 HIGH

Exposure of Private Personal Information to an Unauthorized Actor (CWE-359)

2025-07-10 security-advisories@github.com

GHSA-7pgw-q3qp-6pgq

Information Disclosure Mediawiki PHP

8.7

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.7 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21047

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

CVE Published

Jul 10, 2025 - 19:15 nvd

HIGH 8.7

DescriptionGitHub Advisory

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.

AnalysisAI

A security vulnerability in DynamicPageList3 extension (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 8.7 indicates high severity. Affects DynamicPageList3 extension.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-53625 vulnerability details – vuln.today

Back