Cross-Site Scripting Vulnerability in Wikimedia Foundation MediaWiki
CVE-2025-61642

NONE

Key Information:

Vendor: Wikimedia Foundation
Status: Mediawiki
Vendor: CVE Published:; 2 February 2026

🔔 Create Wikimedia Foundation Vulnerability Alert

What is CVE-2025-61642?

An improper neutralization of input during web page generation in Wikimedia Foundation's MediaWiki could allow an attacker to inject malicious scripts. This vulnerability affects specific program files such as includes/htmlform/CodexHTMLForm.Php and includes/htmlform/fields/HTMLButtonField.Php. Successful exploitation may lead to unauthorized actions on behalf of users who visit the compromised pages.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MediaWiki * < 1.39.14, 1.43.4, 1.44.1

References

https://phabricator.wikimedia.org/T402313

CVSS V4

Score:

Severity:

NONE

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Sep 29, 2025

JSON

Wikimedia Foundation

What is CVE-2025-61642?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.