CVE-2025-6590
Complete content leak of private wikis due to PasswordReset Wikitext injection in error message
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php.
This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
Affected products
Wikimedia Foundation · MediaWikiWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →