CNNVD-202602-184 Information

Feb 03, 2026 cve

CNNVD ID

CNNVD-202602-184

CVE-2025-61639

CNNVD Published: 2026-02-03

Description (Chinese)

MediaWiki是美国维基媒体（Wikimedia）基金会的一套自由免费的基于网络的Wiki引擎。该产品可用于部署内部的知识管理和内容管理系统。 MediaWiki 1.39.14之前版本、1.43.4之前版本和1.44.1之前版本存在安全漏洞，该漏洞源于程序文件includes/logging/ManualLogEntry.Php、includes/recentchanges/RecentChangeFactory.Php和includes/recentchanges/RecentChangeStore.Php存在问题，可能导致敏感信息泄露给未授权参与者。

Description (English)

MediaWiki is a free, free, web-based Wiki engine for the Wikimedia Foundation in the United States. The product can be used for the deployment of internal knowledge management and content management systems. There is a security loophole in the pre-MediaWiki, pre-1.43.4 and pre-1.44.1 versions, which stems from the problems of includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php and includes/recentchanges/RecentChangeStore.Php, which may lead to sensitive information leaking to unauthorized participants.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

维基媒体

Published

2026-02-03

Last Modified

2026-02-24

References

https://phabricator.wikimedia.org/T280413

Patch

https://www.mediawiki.org/wiki/MediaWiki

Share on: