CVE-2025-49575 is a cross-site scripting (XSS) vulnerability classified under CWE-79, affecting the Citizen skin for MediaWiki, developed by StarCitizenTools. This skin integrates various extensions to provide a unified user experience. The vulnerability arises because multiple system messages are inserted into the CommandPaletteFooter component as raw HTML without proper sanitization or neutralization of input. Specifically, any user with the 'editinterface' permission—but lacking the 'editsitejs' permission—can edit these system messages and inject arbitrary HTML code into the Document Object Model (DOM). This improper input handling allows an attacker to execute malicious scripts in the context of other users viewing the affected wiki pages. The vulnerability affects Citizen skin versions from 3.2.0 up to but not including 3.3.1, and also certain Git commit ranges prior to the fix. The issue does not require user interaction to exploit once the malicious content is published, but does require the attacker to have elevated privileges (editinterface rights). The CVSS v3.1 base score is 6.5 (medium severity), with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, indicating network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high impact on confidentiality and integrity but no impact on availability. No known exploits in the wild have been reported as of publication. The vulnerability was fixed in version 3.3.1 of the Citizen skin by properly neutralizing input before rendering it as HTML in the CommandPaletteFooter.

For European organizations using MediaWiki with the Citizen skin, this vulnerability poses a significant risk to the confidentiality and integrity of their wiki content and potentially sensitive information. An attacker with editinterface privileges could inject malicious scripts that execute in the browsers of other users, leading to session hijacking, credential theft, or unauthorized actions performed on behalf of legitimate users. This could undermine trust in internal knowledge bases or public-facing documentation portals. Since the vulnerability does not affect availability, denial-of-service is unlikely. However, the ability to execute arbitrary scripts could facilitate further attacks such as phishing or lateral movement within an organization’s network. Organizations with collaborative wiki environments, especially those that delegate interface editing rights to multiple users, are at higher risk. The medium severity rating reflects the requirement for elevated privileges, limiting exploitation to insiders or compromised accounts. Nonetheless, the potential for high confidentiality and integrity impact means that sensitive European institutions, including governmental, research, and corporate entities relying on MediaWiki for documentation, could face reputational damage, data leakage, or compliance issues if exploited.

1. Upgrade immediately to Citizen skin version 3.3.1 or later, where the vulnerability is patched. 2. Audit and restrict the assignment of the 'editinterface' user right to only trusted administrators to minimize the risk of malicious edits. 3. Implement monitoring and alerting on changes to system messages or interface components within MediaWiki to detect suspicious modifications promptly. 4. Employ Content Security Policy (CSP) headers on wiki deployments to mitigate the impact of injected scripts by restricting script sources and execution contexts. 5. Conduct regular security reviews of user permissions and interface customization workflows to ensure no unnecessary privileges are granted. 6. Educate administrators and editors about the risks of injecting raw HTML and encourage the use of safe markup practices. 7. If upgrading immediately is not feasible, consider temporarily disabling or restricting access to the CommandPaletteFooter or the affected interface components as a stopgap measure. 8. Review and sanitize any existing system messages that may have been modified prior to patching to remove malicious content.