CVE-2025-6927


📋 TL;DR

This vulnerability in MediaWiki's block list functionality could allow attackers to access sensitive information or perform unauthorized actions. It affects MediaWiki installations running vulnerable versions, potentially exposing sites with block list features enabled.

💻 Affected Systems

Products:
  • Wikimedia Foundation MediaWiki
Versions: >= 1.42.0 and before the fixed releases 1.39.13, 1.42.7, 1.43.2, 1.44.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects installations with block list functionality enabled (default in MediaWiki)

⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure of sensitive block data or unauthorized modification of block configurations

🟠 Likely Case: Information leakage about blocked users, IP addresses, or administrative actions

🟢 If Mitigated: Limited impact if proper access controls and input validation are implemented

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some level of access or knowledge of MediaWiki's block system

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.39.13, 1.42.7, 1.43.2, 1.44.0 or later

Vendor Advisory: https://phabricator.wikimedia.org/T397595

Restart Required: No

Instructions:

1. Back up your MediaWiki installation.
2. Update to the patched version using your package manager or a manual download.
3. Verify that the update completed successfully.

🔧 Temporary Workarounds

Disable block list API endpoints

Temporarily restrict access to the vulnerable API endpoints.

Add to LocalSettings.php (this routes list=blocks to core's stub ApiQueryDisabled module, so the module answers with an error instead of block data):

  // LocalSettings.php: replace the blocks list module with the ApiQueryDisabled stub
  $wgAPIListModules['blocks'] = ApiQueryDisabled::class;

Additionally restrict access to includes/api/ApiQueryBlocks.php.

🧯 If You Can't Patch

  • Implement strict access controls to block list functionality
  • Monitor and audit all access to block-related API endpoints and pages

🔍 How to Verify

Check if Vulnerable:

Check MediaWiki version and compare against affected versions. Review includes/specials/pagers/BlockListPager.php and includes/api/ApiQueryBlocks.php files.

Check Version:

grep 'wgVersion' includes/DefaultSettings.php, or check the Special:Version page

Verify Fix Applied:

Confirm version is 1.39.13, 1.42.7, 1.43.2, 1.44.0 or later. Test block list functionality for anomalies.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to block list pages or API
  • Multiple failed attempts to access block-related endpoints
  • Unexpected parameter values in block-related requests

Network Indicators:

  • Abnormal traffic to /api.php with block-related queries
  • Requests to block list special pages with suspicious parameters

SIEM Query:

source="mediawiki.log" AND ((uri_path="/api.php" AND query="action=query&list=blocks") OR uri_path="/Special:BlockList")
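The SIEM query above matches only an exact query string. As an added example (not part of this advisory or of MediaWiki), the following script applies the same detection idea to constructed web-server access-log lines, parsing the query string so that list=blocks is recognised regardless of parameter order, alongside hits on Special:BlockList, and counts hits per client. The log lines, IP addresses and paths are all made up.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jul/2025:10:00:01 +0000] "GET /w/api.php?action=query&list=blocks&bkprop=user%7Cip%7Creason HTTP/1.1" 200 1432
203.0.113.5 - - [01/Jul/2025:10:00:02 +0000] "GET /w/api.php?action=query&list=blocks&bkcontinue=20250701 HTTP/1.1" 200 1501
198.51.100.9 - - [01/Jul/2025:10:00:03 +0000] "GET /wiki/Main_Page HTTP/1.1" 200 9876
198.51.100.9 - - [01/Jul/2025:10:00:04 +0000] "GET /wiki/Special:BlockList?wpTarget=192.0.2.0%2F24 HTTP/1.1" 200 4321
203.0.113.5 - - [01/Jul/2025:10:00:05 +0000] "GET /w/api.php?list=blocks&action=query&format=json HTTP/1.1" 200 1432
192.0.2.77 - - [01/Jul/2025:10:00:06 +0000] "GET /w/index.php?title=Special:BlockList&wpTarget=Alice HTTP/1.1" 200 4100
"""

# client, method, URL and HTTP status from a combined-format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def classify_request(url):
    """Return ('api'|'special'|None, params) for a request path plus query string."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if parts.path.endswith("/api.php"):
        # list= may carry several modules joined by '|', so split before matching
        if params.get("action") == "query" and "blocks" in params.get("list", "").split("|"):
            return "api", params
    # Special:BlockList can be reached by short URL or via index.php?title=...
    if "Special:BlockList" in parts.path or params.get("title", "").startswith("Special:BlockList"):
        return "special", params
    return None, params


def block_list_hits(log_text):
    """Return one record per request that touches the block list (API or special page)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, url, status = m.groups()
        kind, params = classify_request(url)
        if kind:
            hits.append({"client": client, "kind": kind, "status": int(status),
                         "target": params.get("wpTarget") or params.get("bkusers")})
    return hits


def hits_per_client(hits):
    """Count block-list requests per client address, for spotting bulk enumeration."""
    return Counter(h["client"] for h in hits)


if __name__ == "__main__":
    found = block_list_hits(SAMPLE_LOG)
    for h in found:
        print(h)
    print(hits_per_client(found))
```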
