
CVE-2025-62663: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in The Wikimedia Foundation Mediawiki - UploadWizard Extension

Severity: Medium
Published: Sat Oct 18 2025 (10/18/2025, 04:16:00 UTC)
Source: CVE Database V5
Vendor/Project: The Wikimedia Foundation
Product: Mediawiki - UploadWizard Extension

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - UploadWizard Extension allows Stored XSS. This issue affects Mediawiki - UploadWizard Extension: from master before 1.39.

AI-Powered Analysis

Last updated: 10/18/2025, 04:32:38 UTC

Technical Analysis

CVE-2025-62663 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79 (improper neutralization of input during web page generation), in the UploadWizard extension for MediaWiki, the open-source wiki platform behind the Wikimedia projects and many organizational knowledge bases. Attacker-controlled input reaches a page that the extension generates without adequate escaping, so script injected once is stored server-side and runs in the browser of every user who later views the affected page. The CVE record states the affected range as "from master before 1.39"; UploadWizard is versioned alongside MediaWiki's release branches (REL1_39 and later), so the practical reading is that any deployment that has not taken the corresponding Wikimedia security update should be treated as affected until confirmed otherwise against the security release announcement for this CVE.

The record carries a CVSS 4.0 assessment, summarised here as network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N) and no user interaction (UI:N), with low impact on confidentiality, integrity and availability (VC:L, VI:L, VA:L). Two caveats apply when reading these metrics. First, a stored XSS payload only executes when a victim renders the page that holds it, so the UI:N rating describes the attacker's side of the exchange, not the absence of a victim action; the realistic exposure is every user who browses the affected page, administrators included. Second, PR:N means the write path the payload takes does not require an account in the scored configuration; on wikis where uploads are already restricted to logged-in or autoconfirmed users, the attacker population is smaller than the vector alone suggests. No exploitation in the wild had been reported at publication, and the record did not yet link to a patch, so remediation has to track the Wikimedia security release process. The consequences are those of any stored XSS in an authenticated web application: actions performed with the victim's wiki privileges (edits, uploads, deletions, user-rights changes if the victim is an administrator), theft of information the victim can see, and defacement. Note that MediaWiki sets its session cookies HttpOnly by default ($wgCookieHttpOnly), so the likely attack is riding the victim's live session through the wiki's own API rather than exfiltrating the cookie. The Medium severity reflects the low per-metric impact figures combined with remote, unauthenticated reachability.
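Before the fix lands, the first question for any wiki you operate is simply whether the extension is loaded and which MediaWiki release the site runs; both are exposed by the standard siteinfo API. The following PHP script is an added example written for this page (not part of the CVE record, MediaWiki, or UploadWizard) that builds the query and reduces the response to the fields that matter; the embedded sample response, including its commit hash and date, and the host name used in the live call are constructed for illustration.

```php
<?php
// Added example: detect UploadWizard on a MediaWiki site via api.php siteinfo.
// Not from the CVE record or the MediaWiki/UploadWizard code base.
declare(strict_types=1);

/** Build the siteinfo query URL for a wiki script path (the directory holding api.php). */
function siteinfoUrl(string $scriptPath): string
{
    // action=query&meta=siteinfo&siprop=general|extensions is a standard MediaWiki API call.
    return rtrim($scriptPath, '/') . '/api.php?' . http_build_query([
        'action'        => 'query',
        'meta'          => 'siteinfo',
        'siprop'        => 'general|extensions',
        'format'        => 'json',
        'formatversion' => 2,
    ]);
}

/**
 * Reduce a decoded siteinfo response to what matters for CVE-2025-62663: the
 * MediaWiki version string and, if UploadWizard is loaded, its git metadata
 * (the vcs-* fields are only present when the extension runs from a git checkout).
 */
function summariseSiteinfo(array $siteinfo): array
{
    $query = $siteinfo['query'] ?? [];
    $summary = [
        'generator'    => $query['general']['generator'] ?? 'unknown',
        'uploadwizard' => false,
        'vcs_version'  => null,
        'vcs_date'     => null,
    ];
    foreach ($query['extensions'] ?? [] as $ext) {
        if (($ext['name'] ?? '') === 'UploadWizard') {
            $summary['uploadwizard'] = true;
            $summary['vcs_version']  = $ext['vcs-version'] ?? null;
            $summary['vcs_date']     = $ext['vcs-date'] ?? null;
            break;
        }
    }
    return $summary;
}

/** Turn the summary into one line suitable for a fleet report. */
function reportLine(string $site, array $summary): string
{
    if (!$summary['uploadwizard']) {
        return sprintf('%s: %s, UploadWizard not loaded', $site, $summary['generator']);
    }
    return sprintf(
        '%s: %s, UploadWizard loaded (commit %s, %s): compare against the Wikimedia security release for CVE-2025-62663',
        $site,
        $summary['generator'],
        $summary['vcs_version'] ?? 'commit not exposed',
        $summary['vcs_date'] ?? 'date not exposed'
    );
}

// Constructed sample response; the commit hash and date are placeholders, not real values.
$sampleJson = '{"batchcomplete":true,"query":{"general":{"generator":"MediaWiki 1.39.0"},'
    . '"extensions":[{"type":"other","name":"UploadWizard","vcs-system":"git",'
    . '"vcs-version":"0123456789abcdef0123456789abcdef01234567","vcs-date":"2025-01-01T00:00:00Z"}]}}';
$sample = json_decode($sampleJson, true, 512, JSON_THROW_ON_ERROR);
echo reportLine('wiki.example.org (sample)', summariseSiteinfo($sample)), PHP_EOL;

// Live use: php check-uploadwizard.php https://wiki.example.org/w  (hypothetical host).
// Requires allow_url_fopen; swap in curl if your PHP build disables it.
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $body = file_get_contents(siteinfoUrl($argv[1]));
    if ($body === false) {
        fwrite(STDERR, "siteinfo request failed\n");
        exit(1);
    }
    $live = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
    echo reportLine($argv[1], summariseSiteinfo($live)), PHP_EOL;
}
```

Run it once per wiki in your inventory and keep the output; when the security release names the fixed revision, the commit and date columns tell you directly which sites still need the update. If the API is closed to the scanning host, Special:Version shows the same extension list and git metadata in the browser.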

Potential Impact

For European organizations running MediaWiki with UploadWizard, the exposure is script execution in the browsers of their own users: a payload stored once can ride each victim's authenticated session to make edits, upload or delete files or, when the victim is an administrator, change user rights, and it can read any wiki content the victim can see. Universities, research institutes, public bodies and companies that run internal or public-facing knowledge bases on MediaWiki are the typical deployments, and these wikis often hold material whose integrity matters (procedures, technical documentation, reference data), so quiet tampering with content is as relevant a risk as data theft or visible defacement. Because the payload persists server-side, it keeps firing for every visitor until the stored content is found and removed, which widens the window compared with a reflected XSS. Availability is affected only indirectly, for example if injected script breaks page rendering or the wiki has to be taken offline for cleanup. Remote reachability without prior authentication, as scored in the record, means any wiki that accepts uploads from the public or that an attacker can register on should be treated as exploitable until patched, while wikis that already restrict uploads to trusted groups face a correspondingly smaller attacker population.

Mitigation Recommendations

Apply the fix as soon as the Wikimedia security release for this CVE is available, by updating the UploadWizard checkout to the patched revision on the release branch that matches your MediaWiki version (REL1_39 or later) or to the release named in the announcement, and then confirm on Special:Version that the deployed commit is at or past the fix. Until then, interim controls should target the write path rather than attempt to patch the extension's output escaping by hand. Where the wiki can do without it, stop loading the extension by removing the wfLoadExtension( 'UploadWizard' ) line from LocalSettings.php; otherwise restrict the upload right to trusted groups through $wgGroupPermissions so that anonymous and newly registered accounts cannot create the stored content in the first place. Enable MediaWiki's Content Security Policy as defense in depth ($wgCSPReportOnlyHeader first, then $wgCSPHeader once the reports are clean), bearing in mind that MediaWiki core relies on inline scripts and the generated policy may therefore not block an inline payload; it still restricts attacker-hosted resources and gives you violation reports. Review the upload log (Special:Log/upload) and the description pages of recently uploaded files for HTML or script-like content, and alert on bursts of uploads from new accounts. Keep extension updates in the regular patch cycle so that the next Wikimedia security release is not an emergency.
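The LocalSettings.php excerpt below is an added hardening example written for this page, not configuration from the CVE record or from the UploadWizard project. The variables are MediaWiki core settings; the CSP array keys follow MediaWiki's $wgCSPHeader documentation as recalled by the editor, and the report collector URL and autoconfirm thresholds are placeholders, so check each against the manual for your MediaWiki release before deploying.

```php
<?php
// LocalSettings.php excerpt (added example, not MediaWiki or UploadWizard code):
// interim controls for a wiki that runs UploadWizard and cannot yet apply the
// fix for CVE-2025-62663. All thresholds and URLs below are placeholders.

// 1. Fastest interim control: stop loading the extension until it is patched.
//    Comment the line out rather than deleting it so re-enabling is a one-line change.
// wfLoadExtension( 'UploadWizard' );

// 2. If the extension must stay enabled, shrink the population that can write the
//    stored content. Stored XSS needs an attacker-controlled write, so deny uploads
//    to anonymous visitors and freshly registered accounts.
$wgGroupPermissions['*']['upload']             = false;
$wgGroupPermissions['user']['upload']          = false;
$wgGroupPermissions['autoconfirmed']['upload'] = true;
$wgAutoConfirmAge   = 7 * 86400; // account age in seconds before autoconfirmed (placeholder)
$wgAutoConfirmCount = 10;        // edits required before autoconfirmed (placeholder)

// 3. Defence in depth: Content Security Policy. Start in report-only mode, review
//    the reports for a few days, then move the same array to $wgCSPHeader.
//    Keys per the $wgCSPHeader manual entry (assumption: verify for your release).
$wgCSPReportOnlyHeader = [
    'default-src' => [],   // no extra origins beyond what MediaWiki itself needs
    'script-src'  => [],   // likewise for script sources
    'report-uri'  => 'https://csp-reports.example.org/report', // hypothetical collector
    'useNonces'   => false,
];
// After validation:
// $wgCSPHeader = $wgCSPReportOnlyHeader;
// $wgCSPReportOnlyHeader = false;
```

After reloading the configuration, fetch an article with curl -sI and read the Content-Security-Policy-Report-Only header MediaWiki actually emits: if its script-src still allows inline script, the policy will not stop an injected inline payload, and its value against this CVE is limited to blocking attacker-hosted resources and producing reports. None of these settings replace the patched extension.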


Technical Details

Data Version: 5.1
Assigner Short Name: wikimedia-foundation
Date Reserved: 2025-10-18T04:03:51.879Z
CVSS Version: 4.0
State: PUBLISHED

Added to database: 10/18/2025, 4:30:18 AM

Last enriched: 10/18/2025, 4:32:38 AM

Last updated: 10/19/2025, 12:19:29 PM
