Vulnerability Details CVE-2025-61648
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue, modules/ext.CheckUser.TempAccounts/SpecialBlock.Js.
This issue affects CheckUser: from * before 1.44.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.3%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2025-61648
-
cpe:2.3:a:mediawiki:checkuser:1.19
-
cpe:2.3:a:mediawiki:checkuser:1.20
-
cpe:2.3:a:mediawiki:checkuser:1.21
-
cpe:2.3:a:mediawiki:checkuser:1.22
-
cpe:2.3:a:mediawiki:checkuser:1.23
-
cpe:2.3:a:mediawiki:checkuser:1.24
-
cpe:2.3:a:mediawiki:checkuser:1.25
-
cpe:2.3:a:mediawiki:checkuser:1.26
-
cpe:2.3:a:mediawiki:checkuser:1.27
-
cpe:2.3:a:mediawiki:checkuser:1.28
-
cpe:2.3:a:mediawiki:checkuser:1.29
-
cpe:2.3:a:mediawiki:checkuser:1.30
-
cpe:2.3:a:mediawiki:checkuser:1.31
-
cpe:2.3:a:mediawiki:checkuser:1.32
-
cpe:2.3:a:mediawiki:checkuser:1.33
-
cpe:2.3:a:mediawiki:checkuser:1.34
-
cpe:2.3:a:mediawiki:checkuser:1.35