CVE-2025-6590
Publication date 2 February 2026
Last updated 10 July 2026
Ubuntu priority
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| mediawiki | 26.04 LTS resolute |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
Severity score breakdown
CVSS version: CVSS v4.0
Base score
4.6 · Medium
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-6590
- https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/TT45WDZ7MDTXXBEFLBMLAJI532O2PN2U/
- https://phabricator.wikimedia.org/T392746
- https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165112 (master)
- https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1165084 (REL1_39)