Improper Input Validation in Mediawiki - Wikidata Extension by Wikimedia Foundation
CVE-2025-32071

10CRITICAL

Key Information:

Vendor

The Wikimedia Foundation

Status
Mediawiki - Wikidata Extension
Vendor
CVE Published:
11 April 2025

What is CVE-2025-32071?

The Wikimedia Foundation's Mediawiki - Wikidata Extension suffers from an improper input validation vulnerability that allows for Cross-Site Scripting (XSS) attacks. This security issue arises from inadequate handling of user input through the widthheight message in the ImageHandler::getDimensionsString() function. The flaw can be exploited in versions 1.39 to 1.43, facilitating the injection of malicious scripts. Users and administrators of affected versions are urged to apply the necessary patches to safeguard their applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mediawiki - Wikidata Extension 1.39 <= 1.43

References

https://phabricator.wikimedia.org/T389369
https://gerrit.wikimedia.org/r/q/Iac1f1c27054bfd1a4a42512...

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lucas_Werkmeister_WMDE
JSON
.