{
  "threat_severity" : "Low",
  "public_date" : "2026-02-02T22:55:09Z",
  "bugzilla" : {
    "description" : "MediaWiki: MediaWiki: Information disclosure via block list handling",
    "id" : "2436108",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2436108"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-213",
  "details" : [ "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php.\nThis issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.", "A flaw was found in MediaWiki, specifically within the handling of block lists via `BlockListPager.Php` and `ApiQueryBlocks.Php`. A remote attacker could exploit this vulnerability with user interaction to achieve low confidentiality impact, potentially disclosing limited information related to block lists." ],
  "statement" : "The impact of this vulnerability is LOW. Autoblocks originating from global account suppressions in MediaWiki are publicly exposed. This information disclosure affects MediaWiki versions from 1.42.0 before 1.39.13, 1.42.7, 1.43.2, and 1.44.0.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-6927\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6927\nhttps://phabricator.wikimedia.org/T397595" ],
  "name" : "CVE-2025-6927",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}