CVE-2025-53625 HIGH

CVE-2025-53625: DynamicPageList3 exposes hidden/suppressed usernames

Vendor Universal-Omega
Product DynamicPageList3
Weakness CWE-359
Published July 10, 2025
Last update July 10, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.

Key dates

02Disclosure timeline

July 10, 2025 CVE published
July 10, 2025 Record updated