Cross-Site Scripting Vulnerability in Mediawiki - Version Compare by Wikimedia Foundation
CVE-2025-32078

6.9MEDIUM

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki - Version Compare Extension
Vendor: CVE Published:; 11 April 2025

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2025-32078?

A vulnerability exists in the Mediawiki - Version Compare Extension developed by the Wikimedia Foundation, allowing for Cross-Site Scripting (XSS). This flaw occurs due to improper encoding or escaping of output, affecting versions from 1.39 through 1.43. Malicious actors could exploit this vulnerability to inject arbitrary scripts into web pages viewed by users, potentially compromising the integrity and confidentiality of user data. It is crucial to address this security issue to protect users from possible attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mediawiki - Version Compare Extension 1.39 <= 1.43

References

https://phabricator.wikimedia.org/T384269

https://gerrit.wikimedia.org/r/q/If901b3b98e615e1a4f4034d...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Apr 3, 2025

Credit

BlankEclair

JSON

The Wikimedia Foundation