CVE-2025-53500: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Wikimedia Foundation Mediawiki - MassEditRegex Extension

Medium
Tags: Vulnerability, CVE-2025-53500, CWE-79
Published: Thu Jul 03 2025 (07/03/2025, 16:17:38 UTC)
Source: CVE Database V5
Vendor/Project: Wikimedia Foundation
Product: Mediawiki - MassEditRegex Extension

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MassEditRegex Extension allows Stored XSS. This issue affects Mediawiki - MassEditRegex Extension: from 1.39.X before 1.39.12, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

AI-Powered Analysis

AI Last updated: 07/14/2025, 20:57:43 UTC

Technical Analysis

CVE-2025-53500 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the MassEditRegex extension of the Wikimedia Foundation's Mediawiki software. This vulnerability arises due to improper neutralization of input during web page generation, allowing malicious actors to inject and store executable scripts within the Mediawiki pages managed by the MassEditRegex extension. The affected versions include 1.39.x prior to 1.39.12, 1.42.x prior to 1.42.7, and 1.43.x prior to 1.43.2. The flaw enables attackers to execute arbitrary JavaScript in the context of users viewing the compromised pages, potentially leading to session hijacking, defacement, or redirection to malicious sites. The CVSS v3.1 base score is 5.6, indicating a medium severity level, with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L. This means the attack can be launched remotely over the network without privileges or user interaction, but requires high attack complexity. The impact affects confidentiality, integrity, and availability at a low level. No known exploits are currently reported in the wild. The vulnerability is specific to the MassEditRegex extension, which is used for batch editing of wiki pages using regular expressions, a feature that can be critical for large-scale wiki maintenance and content management.

Potential Impact

For European organizations, especially those operating public or private wiki platforms based on Mediawiki with the MassEditRegex extension enabled, this vulnerability poses a risk of persistent XSS attacks. Such attacks can compromise user sessions, steal credentials, or manipulate displayed content, undermining trust and potentially leading to data leakage or misinformation. Public sector entities, educational institutions, and enterprises relying on Mediawiki for documentation and collaboration could face reputational damage and operational disruption. Given the medium severity and the requirement for high attack complexity, the threat is moderate but should not be underestimated, particularly in environments with high user interaction or where sensitive information is managed. The lack of known exploits suggests a window of opportunity for proactive patching before active exploitation occurs.

Mitigation Recommendations

Organizations should promptly upgrade the MassEditRegex extension to the fixed versions: 1.39.12 or later for the 1.39.x branch, 1.42.7 or later for the 1.42.x branch, and 1.43.2 or later for the 1.43.x branch. In the absence of immediate patching, administrators should consider disabling the MassEditRegex extension temporarily to eliminate the attack surface. Implement strict Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on wiki pages. Conduct thorough input validation and output encoding on any user-generated content, especially where batch editing features are used. Regularly audit wiki pages for suspicious scripts or injected content. Additionally, monitor logs for unusual activity related to the MassEditRegex extension and educate users on recognizing potential phishing or session hijacking attempts stemming from XSS attacks.
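As an added example that is not part of this advisory and not code from the Wikimedia project, the following Python script implements two of the recommendations above from the administrator's side: an audit of rendered page HTML for injected script constructs, and a check of whether a Content-Security-Policy header value would still let inline script execute. The HTML fragments and header values are constructed samples, not real wiki content.

```python
import re
from html.parser import HTMLParser

# Constructed sample fragments of rendered wiki output (not real pages).
SAMPLE_CLEAN = '<div class="mw-parser-output"><p>Batch edit applied to 12 pages.</p></div>'
SAMPLE_INJECTED = (
    '<div class="mw-parser-output"><p>Replaced foo with bar</p>'
    '<img src="x" onerror="alert(1)"><a href="javascript:void(0)">link</a>'
    '<script>document.location="https://example.invalid"</script></div>'
)

class InjectedScriptAuditor(HTMLParser):
    """Flags constructs that should never appear in rendered wiki output:
    <script> elements, on* event-handler attributes and javascript: URLs.
    HTMLParser decodes entities in attribute values, so encoded schemes are seen too."""
    URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}

    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (finding kind, tag, attribute or None)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script-tag", tag, None))
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):
                self.findings.append(("event-handler", tag, lname))
            elif lname in self.URL_ATTRS and value:
                # Drop whitespace/control characters browsers ignore before the scheme.
                scheme = re.sub(r"[\s\x00-\x1f]", "", value).lower()
                if scheme.startswith(("javascript:", "vbscript:")):
                    self.findings.append(("script-url", tag, lname))

def audit_rendered_html(html):
    """Return the list of suspicious constructs found in one rendered page."""
    auditor = InjectedScriptAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

def csp_allows_inline_script(csp_header):
    """True when the CSP value would still allow inline script to run."""
    directives = {}
    for part in csp_header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return True  # no directive restricts scripts at all
    # A nonce or hash source makes browsers ignore 'unsafe-inline'.
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in sources)
    return "'unsafe-inline'" in sources and not has_nonce_or_hash
```

Feed `audit_rendered_html` the HTML of pages touched by a batch edit (for example fetched through the MediaWiki API) and treat any finding as a page to inspect and revert.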

Technical Details

Data Version: 5.1
Assigner Short Name: wikimedia-foundation
Date Reserved: 2025-06-30T15:36:41.721Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6866b2446f40f0eb7299335e

Added to database: 7/3/2025, 4:39:32 PM

Last enriched: 7/14/2025, 8:57:43 PM

Last updated: 7/21/2025, 4:43:23 PM
