Vulnerability in Wikimedia Foundation MediaWiki and Parsoid Products
CVE-2025-32699

2.1LOW

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki; Parsoid
Vendor: CVE Published:; 10 April 2025

Summary

A security flaw has been identified in the Wikimedia Foundation's MediaWiki and Parsoid software, potentially exposing systems running outdated versions. The vulnerability affects MediaWiki versions prior to 1.39.12, as well as versions 1.42.6 and 1.43.1. Parsoid versions before 0.16.5 and specifically 0.19.2 and 0.20.2 are also impacted. Organizations utilizing these products should promptly update to newer versions to mitigate risks associated with this vulnerability.

Affected Version(s)

MediaWiki 0 < 1.39.12, 1.42.6, 1.43.1

Parsoid 0 < 0.16.5, 0.19.2, 0.20.2

References

https://phabricator.wikimedia.org/T387130

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Apr 10, 2025
Vulnerability Reserved
Apr 9, 2025