{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6f4a71d531cb802cdb991d2a4ca7bf8fb691defd"
            }
          ],
          "repo": "https://github.com/weirdgloop/mediawiki-extensions-bucket",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-r9f2-4jh3-659j"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-674"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61766.json"
  },
  "details": "Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit exceeding, and/or increased memory consumption, potentially leading to a denial of service. Version 1.0.0 contains a patch for the issue.",
  "id": "CVE-2025-61766",
  "modified": "2025-12-04T02:34:48.127085592Z",
  "published": "2025-10-06T16:07:04.126Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61766.json"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weirdgloop/mediawiki-extensions-Bucket/blob/ad704120a1660b5929fb5825db1cf85c9c77acf4/includes/Expression/MemberOfExpression.php#L34"
    },
    {
      "type": "FIX",
      "url": "https://github.com/weirdgloop/mediawiki-extensions-Bucket/commit/6f4a71d531cb802cdb991d2a4ca7bf8fb691defd"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/weirdgloop/mediawiki-extensions-Bucket/security/advisories/GHSA-r9f2-4jh3-659j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61766"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Bucket vulnerable to infinite recursion when querying a bucket using the != operator"
}