CVE-2025-61639

N/A Unknown

📋 TL;DR

This CVE describes an information disclosure vulnerability in MediaWiki where sensitive information can be exposed to unauthorized users. The vulnerability affects MediaWiki installations through specific logging and recent changes components. All MediaWiki instances running affected versions are potentially vulnerable.

💻 Affected Systems

Products:
  • Wikimedia Foundation MediaWiki
Versions: MediaWiki versions before 1.39.14, 1.43.4, and 1.44.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects includes/logging/ManualLogEntry.php, includes/recentchanges/RecentChangeFactory.php, and includes/recentchanges/RecentChangeStore.php components

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive user data, internal system information, or administrative details that could facilitate further attacks.

🟠

Likely Case

Unauthorized users could view sensitive information from logs or recent changes that should be restricted, potentially exposing user activities or system details.

🟢

If Mitigated

With proper access controls and monitoring, impact would be limited to information exposure without escalation to system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some level of access to MediaWiki functionality

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.39.14, 1.43.4, or 1.44.1

Vendor Advisory: https://phabricator.wikimedia.org/T280413

Restart Required: No

Instructions:

1. Back up your MediaWiki installation and database.
2. Download and install the patched version (1.39.14, 1.43.4, or 1.44.1).
3. Run update.php if database schema changes are required.
4. Verify the installation is working correctly.

🔧 Temporary Workarounds

Restrict access to logging functionality (applies to: all)

Limit access to logging and recent changes features through MediaWiki permissions

🧯 If You Can't Patch

  • Implement strict access controls to limit who can view logs and recent changes
  • Monitor access to logging and recent changes functionality for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check MediaWiki version in LocalSettings.php or via Special:Version page

Check Version:

grep -E "MW_VERSION|wgVersion" includes/Defines.php LocalSettings.php

Verify Fix Applied:

Verify version is 1.39.14, 1.43.4, or 1.44.1 or higher
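The version check above, carried through as a runnable script: an added example, not part of the advisory or of MediaWiki itself. It reads the MW_VERSION constant from includes/Defines.php under a given MediaWiki root and compares it against the fixed release of the matching branch (1.39.14, 1.43.4, 1.44.1). Branches without a listed fix (for example 1.40 to 1.42) are assumed to be unsupported and are reported as vulnerable; the sample Defines.php it creates is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the advisory): determine whether a MediaWiki
# install is at or above the fixed release for CVE-2025-61639.

# Print the MW_VERSION constant from includes/Defines.php under the
# MediaWiki root given as $1 (MW_VERSION is defined there since 1.35).
mw_installed_version() {
  sed -n "s/.*define( *'MW_VERSION', *'\([^']*\)'.*/\1/p" "$1/includes/Defines.php"
}

# Return 0 if version $1 carries the fix, 1 if it is vulnerable.
mw_cve_2025_61639_fixed() {
  ver="$1"
  case "$ver" in
    1.39.*) fixed="1.39.14" ;;
    1.43.*) fixed="1.43.4" ;;
    1.44.*) fixed="1.44.1" ;;
    *)
      # Assumption: branches with no listed fix (e.g. 1.40-1.42) are
      # unsupported and vulnerable; anything >= 1.44.1 is fixed.
      fixed="1.44.1" ;;
  esac
  # sort -V orders version strings component-wise; if the smaller of
  # (fixed, ver) is fixed, then ver >= fixed.
  lowest=$(printf '%s\n%s\n' "$fixed" "$ver" | sort -V | head -n 1)
  [ "$lowest" = "$fixed" ]
}

# Demo on a constructed install tree (a real run would pass the wiki root).
tmp=$(mktemp -d)
mkdir -p "$tmp/includes"
printf "define( 'MW_VERSION', '1.43.3' );\n" > "$tmp/includes/Defines.php"
v=$(mw_installed_version "$tmp")
if mw_cve_2025_61639_fixed "$v"; then
  echo "MediaWiki $v: fixed for CVE-2025-61639"
else
  echo "MediaWiki $v: VULNERABLE to CVE-2025-61639, upgrade"
fi
rm -rf "$tmp"
```

Run it from the wiki root with `mw_cve_2025_61639_fixed "$(mw_installed_version .)"`; the exit status is 0 when the install is fixed, which makes it usable from a fleet-wide inventory or a CI check.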

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to logging or recent changes functionality
  • Unusual patterns in log viewing

Network Indicators:

  • Excessive requests to logging-related endpoints

SIEM Query:

source="mediawiki" AND (event="log_access" OR event="recent_changes") AND user NOT IN authorized_users
