CVE-2025-62699

Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the CheckUser tool to log the wrong IP and User-Agent making these edits un-auditable via the CheckUser tool.This issue affects Mediawiki - Translate Extension: from master before 1.39.

INFO

Published Date :

2025-10-21T03:48:50.423Z

Last Modified :

2025-10-21T19:22:21.373Z

Source :

wikimedia-foundation

AFFECTED PRODUCTS

The following products are affected by CVE-2025-62699 vulnerability.

Vendors	Products
Mediawiki	Checkuser Mediawiki

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62699.

URL	Resource
https://gerrit.wikimedia.org/r/q/I65c740c8ca5130b40463d687e2f0775951abbf22
https://gerrit.wikimedia.org/r/q/Idac164418362c65d0ad37055fe9e0ad134197da3
https://phabricator.wikimedia.org/T399627

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability