CVE-2025-61646

N/A Unknown

📋 TL;DR

This vulnerability in MediaWiki's EnhancedChangesList.php stems from improper input handling and could let attackers execute unauthorized actions or access sensitive data. It affects all MediaWiki instances running vulnerable versions, particularly those with the recent changes feature enabled.

💻 Affected Systems

Products:
  • Wikimedia Foundation MediaWiki
Versions: MediaWiki 1.39.x before 1.39.14, 1.43.x before 1.43.4, 1.44.x before 1.44.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations with recent changes functionality enabled (default)

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise and data exfiltration

🟠 Likely Case: Information disclosure or privilege escalation through crafted recent changes queries

🟢 If Mitigated: Limited impact with proper input validation and access controls

🌐 Internet-Facing: HIGH - MediaWiki instances are typically internet-facing and this affects core functionality
🏢 Internal Only: MEDIUM - Internal wikis could still be exploited by authenticated users

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some authentication level; details not fully disclosed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.39.14, 1.43.4, or 1.44.1

Vendor Advisory: https://phabricator.wikimedia.org/T398706

Restart Required: No

Instructions:

1. Back up your MediaWiki installation and database.
2. Download the patched version from mediawiki.org.
3. Replace the includes/RecentChanges/EnhancedChangesList.php file.
4. Run update.php if database schema changes are required.

🔧 Temporary Workarounds

Disable Enhanced Recent Changes

Applies to: all

Temporarily disable the EnhancedChangesList feature to mitigate the vulnerability.

Add $wgUseRCPatrol = false; to LocalSettings.php

🧯 If You Can't Patch

  • Implement strict input validation for recent changes queries
  • Restrict access to recent changes functionality to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check MediaWiki version in includes/DefaultSettings.php or via Special:Version page

Check Version:

grep 'wgVersion' includes/DefaultSettings.php

Verify Fix Applied:

Verify that the version is 1.39.14, 1.43.4, or 1.44.1 or later, and check the file hash of EnhancedChangesList.php against the patched release.
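The version check described above, written out as an added example (this script is not part of the advisory or of MediaWiki itself). It takes the fixed-version boundaries exactly as the advisory lists them (1.39.14, 1.43.4, 1.44.1) and reports a branch that the advisory does not cover (for example 1.40 through 1.42) as "not-listed" rather than as safe, since the page makes no statement about those branches. It also looks for the version string in the two places a MediaWiki tree may define it: the MW_VERSION constant in includes/Defines.php (which, to my knowledge, is where current releases define it) and the older $wgVersion setting in includes/DefaultSettings.php named in the grep above. The PHP snippet at the bottom is constructed sample input, not real MediaWiki source.

```python
"""Check a MediaWiki version string or source tree against the fixed
versions listed in the CVE-2025-61646 advisory. Added example; the
fixed-version table comes from the advisory text, everything else is
an assumption documented inline."""
import re
import sys
from typing import Optional, Tuple

# Branch -> first fixed version on that branch, as stated in the advisory.
FIXED_VERSIONS = {
    (1, 39): (1, 39, 14),
    (1, 43): (1, 43, 4),
    (1, 44): (1, 44, 1),
}

# Patterns for the two places a MediaWiki tree may carry its version.
# Assumption: MW_VERSION lives in includes/Defines.php on current releases;
# $wgVersion is the legacy DefaultSettings.php form the advisory greps for.
VERSION_PATTERNS = (
    r"define\(\s*['\"]MW_VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]",
    r"\$wgVersion\s*=\s*['\"]([^'\"]+)['\"]",
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '1.43.3' (or '1.43.3-rc.0') into a comparable (1, 43, 3) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def assess(version: str) -> str:
    """Return 'vulnerable', 'fixed', or 'not-listed' for a version string.

    'not-listed' means the advisory says nothing about this branch, so the
    result must be treated as unverified rather than as safe."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "not-listed"
    return "vulnerable" if v < fixed else "fixed"


def extract_version(source: str) -> Optional[str]:
    """Pull the version string out of Defines.php / DefaultSettings.php text."""
    for pattern in VERSION_PATTERNS:
        m = re.search(pattern, source)
        if m:
            return m.group(1)
    return None


# Constructed sample of what includes/Defines.php looks like; not real source.
SAMPLE_DEFINES_PHP = """<?php
/**
 * A few of the constants that are used in MediaWiki (constructed sample).
 */
define( 'MW_VERSION', '1.43.3' );
"""


def assess_source(source: str) -> str:
    """Convenience wrapper: locate the version in file text and assess it."""
    version = extract_version(source)
    if version is None:
        return "unknown"
    return assess(version)


if __name__ == "__main__":
    # Usage: python check_mw_version.py [path/to/includes/Defines.php]
    # With no argument the constructed sample above is assessed.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_DEFINES_PHP
    found = extract_version(text)
    print(f"version: {found}  status: {assess_source(text)}")
```

Run it against includes/Defines.php (and, on an older tree, includes/DefaultSettings.php) from the wiki's web root; a "vulnerable" result on 1.39, 1.43 or 1.44 means the patch from the fix section has not been applied, and "not-listed" means the branch is outside what the advisory covers and needs a separate decision.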

📡 Detection & Monitoring

Log Indicators:

  • Unusual recent changes queries
  • Errors in EnhancedChangesList.php
  • Multiple failed recent changes requests

Network Indicators:

  • Abnormal recent changes API calls
  • Suspicious parameter patterns in recent changes requests

SIEM Query:

source="mediawiki.log" AND ("EnhancedChangesList" OR "RecentChanges") AND (error OR exception)
