CVE-2025-23073

CVE-2025-23073: API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter

Vendor: Wikimedia Foundation
Product: Mediawiki - GlobalBlocking Extension
Weakness: CWE-200 · Info exposure
Published: January 14, 2025
Last update: October 16, 2025

What the vulnerability does

01 Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the Wikimedia Foundation MediaWiki GlobalBlocking Extension allows retrieval of embedded sensitive data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension.

Key dates

02 Disclosure timeline

January 14, 2025: CVE published
October 16, 2025: Record updated