Cross-Site Scripting Vulnerability in MediaWiki's Wikibase Media Info Extension by Wikimedia Foundation
CVE-2025-32069

10CRITICAL

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki - Wikibase Media Info Extension
Vendor: CVE Published:; 11 April 2025

Summary

The vulnerability in Wikimedia's MediaWiki - Wikibase Media Info Extension arises from improper input validation, which permits attackers to exploit the system through Cross-Site Scripting (XSS). This issue has been identified in versions 1.39 through 1.43, potentially allowing malicious scripts to be executed in the context of a user's session. Therefore, users are advised to update to the latest versions to mitigate this vulnerability.

Affected Version(s)

Mediawiki - Wikibase Media Info Extension 1.39 <= 1.43

References

https://phabricator.wikimedia.org/T387691

https://gerrit.wikimedia.org/r/q/Ie969a8cfeab0d4457417773...

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Apr 3, 2025

Credit

Dylsss

matthiasmullie