CVE-2025-53625

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53625

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53625.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53625

Aliases

GHSA-7pgw-q3qp-6pgq

Published

2025-07-10T18:31:22.996Z

Modified

2026-04-02T12:53:20.621489Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

DynamicPageList3 exposes hidden/suppressed usernames

Details

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.

Database specific

{
    "cwe_ids": [
        "CWE-359"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53625.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git

github.com/universal-omega/dynamicpagelist3

Affected ranges

Type

GIT

Repo

https://github.com/universal-omega/dynamicpagelist3

Events

Introduced

Fixed

db57791cd0a822f4bc55eb9edc4a6e6c53d24342

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.6.4"
        }
    ]
}

Affected versions

3.*

3.3.10

3.3.5

3.3.6

3.3.7

3.3.8

3.3.9

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.5.0

3.5.1

3.5.2

3.6.0

3.6.1

3.6.2

3.6.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53625.json"

github.com/universal-omega/dynamicpagelist4