How to fix EUVD-2025-21047?

Within 24 hours: identify all MediaWiki instances running DynamicPageList3 and document the current version; assess whether the extension is actively used and what data sensitivity exists. Within 7 days: disable the DynamicPageList3 extension as an interim measure, or severely restrict access to #dpl parameters that can leak usernames; document any operational impact. Within 30 days: monitor for vendor release of patch version 3.6.4 or later and plan immediate deployment; evaluate alternative reporting solutions if the extension cannot be safely re-enabled.

Is Mediawiki affected by EUVD-2025-21047?

A vulnerability in the DynamicPageList3 MediaWiki extension allows unauthorized disclosure of hidden usernames, potentially exposing identities of users that your organization has deliberately concealed for privacy or security reasons.

EUVD-2025-21047

| CVE-2025-53625 HIGH

2025-07-10 [email protected]

GHSA-7pgw-q3qp-6pgq

8.7

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 16, 2026 - 06:52 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 06:52 euvd

EUVD-2025-21047

CVE Published

Jul 10, 2025 - 19:15 nvd

HIGH 8.7

Description

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.

Analysis

A security vulnerability in DynamicPageList3 extension (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Technical Context

Vulnerability type not specified by vendor. CVSS 8.7 indicates high severity. Affects DynamicPageList3 extension.

Affected Products

['DynamicPageList3 extension']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

EUVD-2025-21047 vulnerability details – vuln.today

Back

EUVD-2025-21047

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-21047

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code