CVE-2025-53484 is a critical cross-site scripting (XSS) vulnerability identified in the SecurePoll extension of the Wikimedia Foundation's Mediawiki software. This vulnerability arises from improper neutralization of user-controlled inputs during web page generation, specifically in the VotePage.php file where poll option inputs are handled, and in the ResultPage::getPagesTab() and getErrorsTab() functions where user-controllable page names are processed. Due to insufficient escaping of these inputs, attackers can inject malicious JavaScript code into the web pages generated by the SecurePoll extension. This injected script can execute in the context of other users' browsers, potentially leading to session hijacking, credential theft, or other malicious actions without requiring any user interaction or authentication. The affected versions include Mediawiki SecurePoll extension releases from 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The vulnerability has a CVSS v3.1 score of 9.8, indicating a critical severity level with network attack vector, low attack complexity, no privileges required, and no user interaction needed. Although no known exploits are currently reported in the wild, the nature of the vulnerability and its critical rating suggest a high risk of exploitation once publicly disclosed. This vulnerability can compromise confidentiality, integrity, and availability of affected systems by enabling attackers to execute arbitrary scripts, manipulate user sessions, and potentially pivot to further attacks within the affected Mediawiki deployments.

For European organizations using Mediawiki with the SecurePoll extension, this vulnerability poses a significant risk. Mediawiki is widely used in various sectors including government, education, and enterprises for collaborative documentation and knowledge management. Exploitation of this XSS flaw could lead to unauthorized access to sensitive internal information, session hijacking of privileged users, and potential spread of malware through trusted wiki pages. Given the criticality and ease of exploitation, attackers could target European public sector wikis or corporate knowledge bases to disrupt operations or conduct espionage. The impact extends beyond data confidentiality to integrity and availability, as attackers could deface wiki pages or inject misleading information. This could undermine trust in organizational knowledge repositories and cause operational disruptions. Additionally, compliance with European data protection regulations such as GDPR could be jeopardized if personal data is exposed or manipulated through this vulnerability.

European organizations should prioritize upgrading the SecurePoll extension to the fixed versions: 1.39.13 or later for the 1.39.x branch, 1.42.7 or later for the 1.42.x branch, and 1.43.2 or later for the 1.43.x branch. Until patches are applied, organizations should implement strict input validation and output encoding on all user-supplied data related to polls and page names within their Mediawiki deployments. Employing Content Security Policy (CSP) headers can help mitigate the impact of injected scripts by restricting script execution sources. Additionally, organizations should audit their Mediawiki configurations to disable or limit the use of the SecurePoll extension if not essential. Monitoring web server logs and Mediawiki access logs for unusual requests or payloads targeting poll options or page names can help detect attempted exploitation. User awareness training should emphasize caution when interacting with wiki content, especially in environments where the extension is used. Finally, organizations should maintain regular backups of wiki content to enable recovery in case of defacement or data manipulation.