cvelistv5 - cve-2025-53625

CVE-2025-53625 (GCVE-0-2025-53625)

Vulnerability from cvelistv5

Published

2025-07-10 18:31

Modified

2025-07-10 19:01

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor

Summary

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.

References

►

URL

Tags

	security-advisories@github.com	https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6
	security-advisories@github.com	https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq

Impacted products

	Vendor	Product	Version
	Universal-Omega	DynamicPageList3	Version: < 3.6.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53625",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-10T19:01:36.096118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-10T19:01:40.977Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DynamicPageList3",
          "vendor": "Universal-Omega",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-10T18:31:22.996Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq"
        },
        {
          "name": "https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6"
        }
      ],
      "source": {
        "advisory": "GHSA-7pgw-q3qp-6pgq",
        "discovery": "UNKNOWN"
      },
      "title": "DynamicPageList3 exposes hidden/suppressed usernames"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53625",
    "datePublished": "2025-07-10T18:31:22.996Z",
    "dateReserved": "2025-07-07T14:20:38.388Z",
    "dateUpdated": "2025-07-10T19:01:40.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-53625\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-10T19:15:26.883\",\"lastModified\":\"2025-07-15T13:14:49.980\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.\"},{\"lang\":\"es\",\"value\":\"La extensi\u00f3n DynamicPageList3 es una herramienta de informes para MediaWiki que lista los miembros de categor\u00edas y las intersecciones con diversos formatos y detalles. Varios par\u00e1metros #dpl pueden filtrar nombres de usuario que se han ocultado mediante la eliminaci\u00f3n de revisiones, la supresi\u00f3n o el indicador de bloqueo \\\"hideuser\\\". La vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 3.6.4.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-359\"}]}],\"references\":[{\"url\":\"https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53625\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-10T19:01:36.096118Z\"}}}], \"references\": [{\"url\": \"https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-10T19:01:27.179Z\"}}], \"cna\": {\"title\": \"DynamicPageList3 exposes hidden/suppressed usernames\", \"source\": {\"advisory\": \"GHSA-7pgw-q3qp-6pgq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Universal-Omega\", \"product\": \"DynamicPageList3\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.6.4\"}]}], \"references\": [{\"url\": \"https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq\", \"name\": \"https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6\", \"name\": \"https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-359\", \"description\": \"CWE-359: Exposure of Private Personal Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-07-10T18:31:22.996Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-53625\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-10T19:01:40.977Z\", \"dateReserved\": \"2025-07-07T14:20:38.388Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-10T18:31:22.996Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-53625

Vulnerability from fkie_nvd

Published

2025-07-10 19:15

Modified

2025-07-15 13:14

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Summary

References

▶	URL	Tags
	security-advisories@github.com	https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6
	security-advisories@github.com	https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n DynamicPageList3 es una herramienta de informes para MediaWiki que lista los miembros de categor\u00edas y las intersecciones con diversos formatos y detalles. Varios par\u00e1metros #dpl pueden filtrar nombres de usuario que se han ocultado mediante la eliminaci\u00f3n de revisiones, la supresi\u00f3n o el indicador de bloqueo \"hideuser\". La vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 3.6.4."
    }
  ],
  "id": "CVE-2025-53625",
  "lastModified": "2025-07-15T13:14:49.980",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-10T19:15:26.883",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-359"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

ghsa-7pgw-q3qp-6pgq

Vulnerability from github

Published

2025-07-10 13:10

Modified

2025-07-10 23:23

Severity ?

8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Summary

DynamicPageList3 vulnerability exposes hidden/suppressed usernames

Details

Summary

Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag.

Details

The parameters adduser, addauthor, and addlasteditor output the page creator or last editor using the %USER% placeholder. These display the actual username, even when that name has been hidden using revision deletion, suppression (oversight), or hideuser.

The %CONTRIBUTOR% placeholder, used with addcontribution, behaves similarly and also reveals hidden usernames.

In addition, the following parameters can expose suppressed usernames when combined with %USER% or similar output placeholders: - lastrevisionbefore - allrevisionsbefore - firstrevisionsince - allrevisionssince

These parameters reference specific revisions and allow output of user-related metadata. If a username has been hidden from those revisions, it may still appear in the output.

Further, the parameters createdby, notcreatedby, modifiedby, notmodifiedby, lastmodifiedby, and notlastmodifiedby accept usernames as input. When the correct (suppressed) username is used, the query may return matching pages or edits. This can reveal the presence and association of a hidden identity, even if not displayed directly. However, this is a more indirect exposure than the output parameters mentioned above.

Proof of Concept

Create a page while logged in as a user.
Revision delete or suppress the username from the page history.
Use a DPL query with one of the affected parameters.
The output reveals the hidden username.

Example

The following query reveals the suppressed username Example user:

wikitext {{#dpl: | title = File:Example.png | addauthor = true | format = ,%USER%,, }}

Similar behavior occurs using parameters like lastrevisionbefore with %USER% in the format string.

Impact

This issue causes the exposure of usernames that were intentionally hidden by administrators. It directly undermines revision deletion, user suppression, and block-related privacy measures. In some cases, usernames can be revealed both directly through output and indirectly through query behavior.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "universal-omega/dynamic-page-list3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-359"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-10T13:10:20Z",
    "nvd_published_at": "2025-07-10T19:15:26Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nSeveral `#dpl` parameters can leak usernames that have been hidden using revision deletion, suppression, or the `hideuser` block flag.\n\n### Details\nThe parameters `adduser`, `addauthor`, and `addlasteditor` output the page creator or last editor using the `%USER%` placeholder. These display the actual username, even when that name has been hidden using revision deletion, suppression (oversight), or `hideuser`.\n\nThe `%CONTRIBUTOR%` placeholder, used with `addcontribution`, behaves similarly and also reveals hidden usernames.\n\nIn addition, the following parameters can expose suppressed usernames when combined with `%USER%` or similar output placeholders:\n- `lastrevisionbefore`\n- `allrevisionsbefore`\n- `firstrevisionsince`\n- `allrevisionssince`\n\nThese parameters reference specific revisions and allow output of user-related metadata. If a username has been hidden from those revisions, it may still appear in the output.\n\nFurther, the parameters `createdby`, `notcreatedby`, `modifiedby`, `notmodifiedby`, `lastmodifiedby`, and `notlastmodifiedby` accept usernames as input. When the correct (suppressed) username is used, the query may return matching pages or edits. This can reveal the presence and association of a hidden identity, even if not displayed directly. However, this is a more indirect exposure than the output parameters mentioned above.\n\n### Proof of Concept\n\n1. Create a page while logged in as a user.\n2. Revision delete or suppress the username from the page history.\n3. Use a DPL query with one of the affected parameters.\n4. The output reveals the hidden username.\n\n#### Example\n\nThe following query reveals the suppressed username `Example user`:\n\n```wikitext\n{{#dpl:\n| title = File:Example.png\n| addauthor = true\n| format = ,%USER%,,\n}}\n```\n\nSimilar behavior occurs using parameters like `lastrevisionbefore` with `%USER%` in the `format` string.\n\n### Impact\nThis issue causes the exposure of usernames that were intentionally hidden by administrators. It directly undermines revision deletion, user suppression, and block-related privacy measures. In some cases, usernames can be revealed both directly through output and indirectly through query behavior.",
  "id": "GHSA-7pgw-q3qp-6pgq",
  "modified": "2025-07-10T23:23:34Z",
  "published": "2025-07-10T13:10:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53625"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Universal-Omega/DynamicPageList3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "DynamicPageList3 vulnerability exposes hidden/suppressed usernames"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-53625 (GCVE-0-2025-53625)

Vulnerability from cvelistv5

fkie_cve-2025-53625

Vulnerability from fkie_nvd

ghsa-7pgw-q3qp-6pgq

Vulnerability from github

Summary

Details

Proof of Concept

Example

Impact

Tags

Sightings

Nomenclature