Cross-Site Scripting Vulnerability in Wikimedia's MediaWiki LastModified Extension
CVE-2025-62693

6.9MEDIUM

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki - Lastmodified Extension
Vendor: CVE Published:; 20 October 2025

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2025-62693?

An improper neutralization of input during web page generation in the LastModified Extension of Wikimedia's MediaWiki can lead to stored Cross-Site Scripting (XSS) vulnerabilities. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users, potentially compromising user sessions or delivering harmful payloads. Affected versions include all prior to 1.39. It is crucial for users of this extension to evaluate their risk and seek mitigation strategies to enhance their web security.

Affected Version(s)

Mediawiki - LastModified Extension master < 1.39

References

https://phabricator.wikimedia.org/T399583

https://gerrit.wikimedia.org/r/q/Ia406630dbac5ef9a9aed3f4...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Oct 20, 2025

Credit

SomeRandomDeveloper

JSON