CVE-2025-53494 is a medium-severity vulnerability classified under CWE-79, which pertains to Improper Neutralization of Input During Web Page Generation, commonly known as Cross-site Scripting (XSS). This vulnerability affects the TwoColConflict extension of the Wikimedia Foundation's Mediawiki software, specifically versions 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The flaw allows an attacker to inject malicious scripts that are stored and later executed in the context of users visiting affected Mediawiki pages. Since the vulnerability is a stored XSS, the malicious payload is saved on the server and served to users without proper sanitization or encoding, enabling persistent exploitation. The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) shows that the attack can be performed remotely over the network without authentication or user interaction, with low attack complexity. The impact affects confidentiality and integrity but not availability. Specifically, an attacker could steal session cookies, perform actions on behalf of users, or manipulate displayed content, potentially leading to account compromise or misinformation. No known exploits are currently reported in the wild, and no official patches are linked in the provided data, but the affected versions have been identified and fixed in subsequent releases.

For European organizations using Mediawiki with the TwoColConflict extension, this vulnerability poses a risk of persistent XSS attacks that can compromise user sessions and data integrity. Organizations relying on Mediawiki for internal knowledge bases, documentation, or public information portals could face unauthorized access to user credentials or manipulation of displayed content, undermining trust and potentially exposing sensitive information. Since the vulnerability requires no authentication or user interaction, it can be exploited by remote attackers, increasing the risk of widespread impact. Public-facing Mediawiki installations in government, educational institutions, and enterprises are particularly at risk, as attackers could leverage the vulnerability to conduct phishing, spread misinformation, or escalate privileges. The lack of availability impact means service disruption is unlikely, but confidentiality and integrity breaches could have reputational and operational consequences.

European organizations should promptly upgrade the TwoColConflict extension to versions 1.39.13, 1.42.7, or 1.43.2 or later, where the vulnerability has been addressed. In the absence of immediate patching, administrators should implement strict input validation and output encoding on all user-supplied content within the extension, especially in conflict resolution interfaces. Employing Content Security Policy (CSP) headers can help mitigate the impact of XSS by restricting script execution sources. Regularly audit Mediawiki installations for unauthorized script injections and monitor logs for suspicious activities. Additionally, limit the extension's usage to trusted users and restrict editing permissions where feasible. Educate users about the risks of clicking unknown links or executing scripts from untrusted sources. Finally, maintain an up-to-date inventory of Mediawiki versions and extensions to ensure timely application of security updates.