CVE-2025-61649 PUBLISHED

UserInfoCard: Check that performing user has permission to view log entries for number of past blocks

Assigner: wikimedia-foundation
Reserved: 29.09.2025 Published: 03.02.2026 Updated: 03.02.2026

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php.

This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
CVSS Score: 1.1

Product Status

Vendor Wikimedia Foundation
Product CheckUser
Versions Default: unaffected
  • affected from 7cedd58781d261f110651b6af4f41d2d11ae7309 to * (excl.)

References