Code Injection Vulnerability in MediaWiki LanguageSelector Extension by Wikimedia Foundation
CVE-2025-62697

8.8HIGH

Key Information:

Vendor: The Wikimedia Foundation
Status: Mediawiki - Languageselector Extension
Vendor: CVE Published:; 20 October 2025

🔔 Create The Wikimedia Foundation Vulnerability Alert

What is CVE-2025-62697?

A vulnerability exists in the Wikimedia Foundation's MediaWiki - LanguageSelector Extension that allows for malicious code injection due to improper neutralization of special elements. This can enable attackers to execute arbitrary code within the application, affecting the integrity and security of the application environment. The issue is present in all versions prior to 1.39, making prompt updates essential to mitigate risks associated with this security flaw.

Affected Version(s)

Mediawiki - LanguageSelector Extension master < 1.39

References

https://gerrit.wikimedia.org/r/q/I338288e756de4e58a3f1f02...

https://phabricator.wikimedia.org/T399724

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Oct 20, 2025

Credit

SomeRandomDeveloper

JSON