CVE-2025-62654: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in The Wikimedia Foundation MediaWiki QuizGame extension
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS. This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44.
AI Analysis
Technical Summary
CVE-2025-62654 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in the MediaWiki QuizGame extension versions 1.39, 1.43, and 1.44. It stems from improper neutralization of input during web page generation: an attacker with high privileges can inject script that is stored persistently within the application, and when other users view the affected pages the script executes in their browsers, potentially leading to session hijacking, defacement, or redirection to malicious sites. Exploitation requires high privileges (PR:H) and user interaction (UI:P), which limits its ease. The CVSS 4.0 vector indicates a network attack vector (AV:N), high attack complexity (AC:H), high privileges required (PR:H), and passive user interaction (UI:P), with low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). No exploits are currently known in the wild, and no patches have been linked yet. The issue affects MediaWiki installations that use the QuizGame extension, a popular extension for interactive quizzes on wiki platforms. Because the XSS is stored, the risk is persistent malicious code execution against every user who accesses the compromised content. The Wikimedia Foundation is the vendor responsible for this extension and for the vulnerability disclosure.
Potential Impact
For European organizations, the impact of this vulnerability falls primarily on the confidentiality and integrity of user sessions and data within MediaWiki platforms that use the QuizGame extension. Stored XSS can enable attackers to steal authentication tokens, perform actions on behalf of users, or manipulate displayed content, potentially damaging organizational reputation and trust. Public-facing wikis and collaborative knowledge bases run by government agencies, educational institutions, or enterprises are at higher risk. However, the requirement for high privileges to inject malicious code and the need for user interaction reduce the likelihood of widespread exploitation. Still, targeted attacks against high-value users or administrators could lead to unauthorized access or data leakage. The low CVSS score reflects this limited impact, but organizations should not disregard the threat, especially those with significant MediaWiki deployments in Europe.
Mitigation Recommendations
1. Monitor for and apply official patches or updates from The Wikimedia Foundation for the QuizGame extension as soon as they become available.
2. Restrict the ability to input content in the QuizGame extension to trusted users only, minimizing the risk of malicious script injection.
3. Implement a strict Content Security Policy (CSP) to limit the execution of unauthorized scripts within MediaWiki pages.
4. Conduct regular security audits and code reviews of custom or third-party MediaWiki extensions to detect and remediate input validation and output escaping issues.
5. Educate administrators and users about the risks of stored XSS and encourage cautious interaction with untrusted content.
6. Employ web application firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting MediaWiki.
7. Use security headers and cookie attributes, such as HttpOnly on session cookies, to reduce the impact of a successful XSS; note that the legacy X-XSS-Protection header is ignored by current browsers, so CSP is the effective header-level control.
8. Limit the privileges of users who can create or edit quiz content to reduce the attack surface.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: wikimedia-foundation
- Date Reserved: 2025-10-17T22:01:52.600Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68f2c7559c34d0947f4887e4
Added to database: 10/17/2025, 10:46:45 PM
Last enriched: 10/25/2025, 4:47:35 AM
Last updated: 12/2/2025, 9:33:49 AM