CVE-2025-6590
Complete content leak of private wikis due to PasswordReset Wikitext injection in error message
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php.
This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
Productos afectados
Wikimedia Foundation · MediaWiki¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://phabricator.wikimedia.org/T392746