CVE-2025-32072 — Improper Encoding or Escaping of Output in Mediawiki

CWE-116 — Improper Encoding or Escaping of Output4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.5%

top 32.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki THE Wikimedia Foundation Mediawiki Core Feed Utils

Timeline

PublishedApr 11

Description

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Packages3 packages

▶CVEListV5the_wikimedia_foundation/mediawiki_core_feed_utils1.39 — 1.43

▶debiandebian/mediawiki< mediawiki 1:1.39.13-1~deb12u1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.35.13-1+deb11u4+3

🔴Vulnerability Details

OSV

CVE-2025-32072: Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection↗2025-04-11

▶

GHSA

GHSA-r5vx-68x4-4jcf: Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection↗2025-04-11

▶

📋Vendor Advisories

Debian

CVE-2025-32072: mediawiki - Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundatio...↗2025

▶