CVE-2025-53369 is a high-severity cross-site scripting (XSS) vulnerability identified in the ShortDescription extension for MediaWiki, developed by StarCitizenTools. This extension provides local short description support for MediaWiki pages. The vulnerability exists in version 4.0.0 of the extension, where user-supplied short descriptions are not properly sanitized before being inserted into the DOM as HTML via the mw.util.addSubtitle function. This improper neutralization of input (CWE-79) allows any user with edit permissions to inject arbitrary HTML or JavaScript code into the page content. Because the vulnerability does not require authentication or user interaction to exploit, an attacker can execute malicious scripts in the context of the victim's browser simply by having the victim visit a compromised or maliciously edited wiki page. The CVSS v3.1 base score is 8.6, reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, with limited impact on integrity and availability. The vulnerability was patched in version 4.0.1 of the extension. No known exploits are currently reported in the wild. The affected versions include all releases from 4.0.0 up to but not including 4.0.1, and certain commit ranges specified in the metadata. This vulnerability is significant because MediaWiki is widely used for collaborative documentation and knowledge bases, and the ShortDescription extension is used to enhance page metadata. Successful exploitation could lead to session hijacking, defacement, or distribution of malware via injected scripts.

For European organizations, the impact of this vulnerability can be substantial, especially for those relying on MediaWiki platforms for internal knowledge management, documentation, or public-facing wikis. Exploitation could lead to unauthorized disclosure of sensitive information (confidentiality impact) through session token theft or credential capture. The integrity of wiki content could be compromised by injecting misleading or malicious content, damaging organizational reputation and trust. Availability impact, while rated low, could occur if injected scripts perform denial-of-service actions on users or the wiki platform. Public sector entities, educational institutions, and enterprises using MediaWiki with the ShortDescription extension are at risk of targeted attacks aiming to disrupt operations or gather intelligence. Since the vulnerability requires no authentication, any user with edit access or potentially anonymous users (depending on wiki configuration) could exploit it, increasing the attack surface. The lack of known exploits in the wild suggests limited immediate risk, but the high CVSS score and ease of exploitation warrant prompt remediation to prevent future attacks.

European organizations should immediately upgrade the ShortDescription MediaWiki extension to version 4.0.1 or later, where the vulnerability has been patched. If upgrading is not immediately feasible, organizations should implement strict input validation and sanitization at the application level to prevent injection of arbitrary HTML or scripts in short descriptions. Restricting edit permissions to trusted users can reduce the risk of exploitation. Additionally, enabling Content Security Policy (CSP) headers can help mitigate the impact of injected scripts by restricting the sources from which scripts can be loaded and executed. Regularly auditing wiki pages for suspicious content and monitoring logs for unusual editing activity can help detect exploitation attempts. Organizations should also educate users about the risks of clicking on untrusted wiki links and encourage the use of updated browsers with built-in XSS protections. Finally, maintaining an up-to-date inventory of MediaWiki extensions and their versions will facilitate timely vulnerability management.