SQL Injection Vulnerability in MediaWiki WatchAnalytics Extension by Wikimedia Foundation
CVE-2025-62658

7.5 HIGH

What is CVE-2025-62658?

The MediaWiki WatchAnalytics extension, developed by the Wikimedia Foundation, is susceptible to an SQL Injection vulnerability. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data access and manipulation. The versions affected include 1.43 and 1.44. It is crucial for users to apply security patches and follow best practices to safeguard their systems against exploitation.

Affected Version(s)

MediaWiki WatchAnalytics extension 1.43

MediaWiki WatchAnalytics extension 1.44

CVSS V4

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SomeRandomDeveloper