CVE-2025-53625: DynamicPageList3 vulnerability exposes hidden/suppressed usernames

July 10, 2025

Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag.

References

github.com/Universal-Omega/DynamicPageList3
github.com/Universal-Omega/DynamicPageList3/commit/a3dae0c89fb4214390c29ceffa23bbe2099986d6
github.com/Universal-Omega/DynamicPageList3/security/advisories/GHSA-7pgw-q3qp-6pgq
github.com/advisories/GHSA-7pgw-q3qp-6pgq
nvd.nist.gov/vuln/detail/CVE-2025-53625

Code Behaviors & Features

Detect and mitigate CVE-2025-53625 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →