All 7 CVE vulnerabilities found in CheckUser, with AI-generated Chinese analysis, references, and POCs.
Vendor: Wikimedia Foundation

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67478 | Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn" | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-61658 | Special:GlobalContributions shows edits on wikis the viewer doesn't have access to | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-61651 | i18n XSS through Special:CheckUser CheckUser helper (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61648 | Stored XSS through system messages in CheckUser (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61649 | UserInfoCard: Check that performing user has permission to view log entries for number of past blocks | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-61650 | UserInfoCard is vulnerable to message key stored XSS (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61647 | UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights | 9.8 (AI) | Critical (AI) | 2026-02-03 |

All 7 known CVE vulnerabilities affecting CheckUser with full Chinese analysis, references, and POCs where available.