Cross-Site Scripting Vulnerability in Wikimedia Foundation MediaWiki WebAuthn Extension
CVE-2025-62652

5.8MEDIUM

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki Webauthn Extension
Vendor: CVE Published:; 17 October 2025

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2025-62652?

The Wikimedia Foundation's MediaWiki WebAuthn extension is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input neutralization during web page generation. This vulnerability could allow an attacker to inject malicious scripts that may be executed in the context of a user’s session, potentially compromising sensitive user data and the integrity of the web application. The issue affects specific versions of the extension: 1.39, 1.43, and 1.44. Ensuring updates to the latest version can help mitigate this security risk.

Affected Version(s)

MediaWiki WebAuthn extension 1.39

MediaWiki WebAuthn extension 1.43

MediaWiki WebAuthn extension 1.44

References

https://phabricator.wikimedia.org/T403093

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Oct 17, 2025

Credit

Roan Kattouw

JSON