{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6927", "assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "state": "PUBLISHED", "assignerShortName": "wikimedia-foundation", "dateReserved": "2025-06-30T14:30:22.357Z", "datePublished": "2026-02-02T22:55:09.395Z", "dateUpdated": "2026-02-03T21:12:49.615Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MediaWiki", "programFiles": ["includes/specials/pagers/BlockListPager.php", "includes/api/ApiQueryBlocks.php"], "repo": "https://gerrit.wikimedia.org/g/mediawiki/core/+/refs/heads/master", "vendor": "Wikimedia Foundation", "versions": [{"lessThan": "1.39.13, 1.42.7 1.43.2, 1.44.0", "status": "affected", "version": ">= 1.42.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in Wikimedia Foundation MediaWiki.<p> This vulnerability is associated with program files <tt>includes/specials/pagers/BlockListPager.Php</tt>, <tt>includes/api/ApiQueryBlocks.Php</tt>.</p><p>This issue affects MediaWiki: from &gt;= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.</p>"}], "value": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php.\n\nThis issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 2.3, "baseSeverity": "LOW", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "shortName": "wikimedia-foundation", "dateUpdated": "2026-02-02T22:55:09.395Z"}, "references": [{"url": "https://phabricator.wikimedia.org/T397595"}], "source": {"discovery": "UNKNOWN"}, "title": "Autoblocks from global account suppressions are publicly visible", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T21:12:43.710900Z", "id": "CVE-2025-6927", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T21:12:49.615Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6927", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T21:12:43.710900Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T21:12:47.157Z"}}], "cna": {"title": "Autoblocks from global account suppressions are publicly visible", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gerrit.wikimedia.org/g/mediawiki/core/+/refs/heads/master", "vendor": "Wikimedia Foundation", "product": "MediaWiki", "versions": [{"status": "affected", "version": ">= 1.42.0", "lessThan": "1.39.13, 1.42.7 1.43.2, 1.44.0", "versionType": "semver"}], "programFiles": ["includes/specials/pagers/BlockListPager.php", "includes/api/ApiQueryBlocks.php"], "defaultStatus": "unaffected"}], "references": [{"url": "https://phabricator.wikimedia.org/T397595"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php.\n\nThis issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in Wikimedia Foundation MediaWiki.<p> This vulnerability is associated with program files <tt>includes/specials/pagers/BlockListPager.Php</tt>, <tt>includes/api/ApiQueryBlocks.Php</tt>.</p><p>This issue affects MediaWiki: from &gt;= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.</p>", "base64": false}]}], "providerMetadata": {"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "shortName": "wikimedia-foundation", "dateUpdated": "2026-02-02T22:55:09.395Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6927", "state": "PUBLISHED", "dateUpdated": "2026-02-03T21:12:49.615Z", "dateReserved": "2025-06-30T14:30:22.357Z", "assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "datePublished": "2026-02-02T22:55:09.395Z", "assignerShortName": "wikimedia-foundation"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php.\n\nThis issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0."}], "id": "CVE-2025-6927", "lastModified": "2026-02-03T16:44:03.343", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "type": "Secondary"}]}, "published": "2026-02-02T23:16:02.580", "references": [{"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "url": "https://phabricator.wikimedia.org/T397595"}], "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "MediaWiki: MediaWiki: Information disclosure via block list handling", "id": "2436108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436108"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-213", "details": ["A flaw was found in MediaWiki, specifically within the handling of block lists via `BlockListPager.Php` and `ApiQueryBlocks.Php`. A remote attacker could exploit this vulnerability with user interaction to achieve low confidentiality impact, potentially disclosing limited information related to block lists."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-6927", "public_date": "2026-02-02T22:55:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6927\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6927\nhttps://phabricator.wikimedia.org/T397595"], "statement": "The impact of this vulnerability is LOW. Autoblocks originating from global account suppressions in MediaWiki are publicly exposed. This information disclosure affects MediaWiki versions from 1.42.0 before 1.39.13, 1.42.7, 1.43.2, and 1.44.0.", "threat_severity": "Low"}