CVE-2025-61651 i18n XSS through Special:CheckUser CheckUser helper

🗓️ 03 Feb 2026 00:53:14Reported by wikimedia-foundationType

Cross site scripting in CheckUser helper via Special CheckUser affects versions before 1.44.1.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2025-61651	3 Feb 202600:53	–	attackerkb
CNNVD	Wikimedia CheckUser 安全漏洞	3 Feb 202600:00	–	cnnvd
CVE	CVE-2025-61651	3 Feb 202600:53	–	cve
EUVD	EUVD-2025-206637	3 Feb 202600:53	–	euvd
NVD	CVE-2025-61651	3 Feb 202602:16	–	nvd
OpenVAS	MediaWiki < 1.39.14, 1.40.x < 1.43.4, 1.44.x < 1.44.1 Multiple Vulnerabilities - Windows	14 Oct 202500:00	–	openvas
OpenVAS	MediaWiki < 1.39.14, 1.40.x < 1.43.4, 1.44.x < 1.44.1 Multiple Vulnerabilities - Linux	14 Oct 202500:00	–	openvas
Positive Technologies	PT-2026-5739	3 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-61651	4 Feb 202603:15	–	redhatcve
Vulnrichment	CVE-2025-61651 i18n XSS through Special:CheckUser CheckUser helper	3 Feb 202600:53	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "CheckUser",
    "programFiles": [
      "modules/ext.checkUser/checkuser/checkUserHelper/buildUserElement.js"
    ],
    "repo": "https://gerrit.wikimedia.org/g/mediawiki/extensions/CheckUser/+/refs/heads/master",
    "vendor": "Wikimedia Foundation",
    "versions": [
      {
        "lessThan": "1.44.1",
        "status": "affected",
        "version": "*",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
phabricator	www.phabricator.wikimedia.org/T403408

03 Feb 2026 00:53Current

CVSS 40

EPSS0.00187

CWE-79