CVE-2025-61647 LOW

CVE-2025-61647: UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights

Vendor Wikimedia Foundation
Product CheckUser
Published February 3, 2026
Last update March 3, 2026

CVSS base score

0.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01Description

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
March 3, 2026 Record updated