CVE-2025-53500 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the MassEditRegex extension of the Wikimedia Foundation's Mediawiki software. This vulnerability arises due to improper neutralization of input during web page generation, allowing malicious actors to inject and store executable scripts within the Mediawiki pages managed by the MassEditRegex extension. The affected versions include 1.39.x prior to 1.39.12, 1.42.x prior to 1.42.7, and 1.43.x prior to 1.43.2. The flaw enables attackers to execute arbitrary JavaScript in the context of users viewing the compromised pages, potentially leading to session hijacking, defacement, or redirection to malicious sites. The CVSS v3.1 base score is 5.6, indicating a medium severity level, with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L. This means the attack can be launched remotely over the network without privileges or user interaction, but requires high attack complexity. The impact affects confidentiality, integrity, and availability at a low level. No known exploits are currently reported in the wild. The vulnerability is specific to the MassEditRegex extension, which is used for batch editing of wiki pages using regular expressions, a feature that can be critical for large-scale wiki maintenance and content management.

For European organizations, especially those operating public or private wiki platforms based on Mediawiki with the MassEditRegex extension enabled, this vulnerability poses a risk of persistent XSS attacks. Such attacks can compromise user sessions, steal credentials, or manipulate displayed content, undermining trust and potentially leading to data leakage or misinformation. Public sector entities, educational institutions, and enterprises relying on Mediawiki for documentation and collaboration could face reputational damage and operational disruption. Given the medium severity and the requirement for high attack complexity, the threat is moderate but should not be underestimated, particularly in environments with high user interaction or where sensitive information is managed. The lack of known exploits suggests a window of opportunity for proactive patching before active exploitation occurs.

Organizations should promptly upgrade the MassEditRegex extension to the fixed versions: 1.39.12 or later for the 1.39.x branch, 1.42.7 or later for the 1.42.x branch, and 1.43.2 or later for the 1.43.x branch. In the absence of immediate patching, administrators should consider disabling the MassEditRegex extension temporarily to eliminate the attack surface. Implement strict Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on wiki pages. Conduct thorough input validation and output encoding on any user-generated content, especially where batch editing features are used. Regularly audit wiki pages for suspicious scripts or injected content. Additionally, monitor logs for unusual activity related to the MassEditRegex extension and educate users on recognizing potential phishing or session hijacking attempts stemming from XSS attacks.