MediaWiki Short Description Extension Vulnerability Affects Version 4.0.0
CVE-2025-53369

8.6 HIGH

What is CVE-2025-53369?

Version 4.0.0 of the MediaWiki Short Description extension allows arbitrary HTML to be injected into the page's Document Object Model (DOM). The cause is insufficient sanitization of user-supplied input before it is passed to the mw.util.addSubtitle method, so the browser interprets any markup contained in that input. As a result, any user with the ability to edit a page can insert malicious HTML, potentially leading to security breaches or defacement of the content. A fix was introduced in version 4.0.1.
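The following is an added illustration, not code from the ShortDescription extension or from MediaWiki, of the pattern the description refers to: an editor-controlled string being handed to an HTML-consuming API unchanged versus escaped first. The function names, the wrapper markup and the sample description are assumptions for the example; the real extension's call into mw.util.addSubtitle is not shown on this page.

```javascript
// Added example (hypothetical names, not the extension's own code): contrast an
// unsafe and a hardened way of turning a wiki-editable short description into
// the HTML that an API such as mw.util.addSubtitle would place in the DOM.

// Minimal HTML escaper. MediaWiki core ships mw.html.escape for the same job;
// a local copy is used here so the example runs outside a browser.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// Vulnerable pattern: the short description is concatenated into markup as-is,
// so any tags an editor typed are interpreted by the browser once inserted.
function buildSubtitleUnsafe(shortDescription) {
  return '<div class="shortdescription">' + shortDescription + '</div>';
}

// Hardened pattern: escape first, so the description is rendered as plain text
// and editor-supplied markup never becomes live DOM elements.
function buildSubtitleSafe(shortDescription) {
  return '<div class="shortdescription">' + escapeHtml(shortDescription) + '</div>';
}

// Check helper for review or testing: does the rendered subtitle still contain
// a tag that did not come from the wrapper element itself?
function containsForeignMarkup(renderedHtml) {
  const inner = renderedHtml
    .replace(/^<div class="shortdescription">/, '')
    .replace(/<\/div>$/, '');
  return /<[a-zA-Z!/]/.test(inner);
}

// Constructed sample input: an editor-supplied description containing markup.
const SAMPLE_DESCRIPTION = 'Fourth planet from the <i>Sun</i>';

console.log('unsafe:', buildSubtitleUnsafe(SAMPLE_DESCRIPTION));
console.log('safe:  ', buildSubtitleSafe(SAMPLE_DESCRIPTION));
console.log('unsafe output carries foreign markup:',
  containsForeignMarkup(buildSubtitleUnsafe(SAMPLE_DESCRIPTION)));
console.log('safe output carries foreign markup:  ',
  containsForeignMarkup(buildSubtitleSafe(SAMPLE_DESCRIPTION)));
```

The check function is the kind of assertion a maintainer can keep in the extension's test suite: any code path that takes wiki-editable text and returns HTML should yield no elements beyond those the code itself emits.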

Affected Version(s)

mediawiki-extensions-ShortDescription >= 05f6c6824f8f37dcc2d51cf6df4e7a09bea2196c, < 2c18bd21c5de53c336f55b6ff42f2983ea5796b4 (vulnerable from commit 05f6c6824f8f37dcc2d51cf6df4e7a09bea2196c, fixed in commit 2c18bd21c5de53c336f55b6ff42f2983ea5796b4)

mediawiki-extensions-ShortDescription >= 4.0.0, < 4.0.1 (vulnerable from version 4.0.0, fixed in version 4.0.1)

References

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
