关键漏洞信息 漏洞ID CVE-2025-62649 漏洞描述 UserinfoCard: activeLocalBlocksAllFields does not do permissions checks 影响版本 1.38.0 (released) 1.37.0 (released) 1.36.0 (released) 相关更改 SECURITY Include suppress nodes in CategoryEditor profiler SECURITY Exclude suppress nodes in CategoryEditor profiler 时间线 2022-08-15: Mentioned here: T346466#8751246 UserCon2022 is coming and we are clicking buttons! 2022-08-15: Some vulnerabilities addressed: Trust and Safety Product Sprint - Checklist for Card Creation 2022-08-15: Some vulnerabilities addressed: Election of the Office MediaWiki Stewards 2022-08-15: An update to the bot was released today with a regression fix to T346466#8751246 UserCon2022 is coming and we are clicking buttons! 备注 The vulnerability involves insufficient permission checks in the UserinfoCard component, specifically related to . The issue has been addressed in subsequent versions with changes to include and exclude suppress nodes in the CategoryEditor profiler.