CVE-2025-32699 — Injection in Foundation Mediawiki

CWE-74 — Injection CWE-79 — Cross-site Scripting4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.4%

top 39.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wikimedia Foundation Mediawiki Wikimedia Foundation Parsoid Mediawiki +1 more

Timeline

PublishedApr 10

Description

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5wikimedia_foundation/parsoid< 0.16.5, 0.19.2, 0.20.2

▶CVEListV5wikimedia_foundation/mediawiki< 1.39.12, 1.42.6, 1.43.1

▶debiandebian/mediawiki< mediawiki 1:1.39.12-1~deb12u1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.35.13-1+deb11u4+3

🔴Vulnerability Details

GHSA

GHSA-pq7c-cvqp-fq9x: Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid↗2025-04-10

▶

OSV

CVE-2025-32699: Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid↗2025-04-10

▶

📋Vendor Advisories

Debian

CVE-2025-32699: mediawiki - Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.Th...↗2025

▶