CVE-2025-61766 MEDIUM

CVE-2025-61766: Bucket vulnerable to infinite recursion when querying a bucket using the != operator

Vendor Weirdgloop
Product mediawiki-extensions-Bucket
Weakness CWE-674
Published October 6, 2025
Last update October 6, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit exceeding, and/or increased memory consumption, potentially leading to a denial of service. Version 1.0.0 contains a patch for the issue.

Key dates

02Disclosure timeline

October 6, 2025 CVE published
October 6, 2025 Record updated