{
  "threat_severity" : "Moderate",
  "public_date" : "2026-02-02T22:57:30Z",
  "bugzilla" : {
    "description" : "MediaWiki: Vulnerability in authentication management",
    "id" : "2436116",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2436116"
  },
  "cvss3" : {
    "cvss3_base_score" : "0.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-654",
  "details" : [ "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with the program file includes/auth/AuthManager.php.\nThis issue affects MediaWiki versions before 1.39.13, 1.42.7, 1.43.2, 1.44.0.", "A flaw was found in MediaWiki, specifically within the `includes/auth/AuthManager.php` program file, which belongs to the authentication management component. The exact nature and impact of this flaw are not fully detailed in the available information, but the report indicates a weakness in how MediaWiki handles user authentication." ],
  "statement" : "The vulnerability in MediaWiki stems from its failure to consider user autocreation as a login event for security reauthentication purposes. This could impact MediaWiki instances running on Fedora 42 and Fedora 43 if user autocreation is enabled, potentially leading to unintended security bypasses during reauthentication flows.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-6597\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6597\nhttps://phabricator.wikimedia.org/T389009" ],
  "name" : "CVE-2025-6597",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}