CVE-2025-62665: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Wikimedia Foundation Mediawiki - Skin:BlueSky
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Skin:BlueSky allows Stored XSS. This issue affects Mediawiki - Skin:BlueSky: from master before 1.39.
AI Analysis
Technical Summary
CVE-2025-62665 is a stored Cross-site Scripting (XSS) vulnerability identified in the BlueSky skin of the Mediawiki software maintained by the Wikimedia Foundation. The vulnerability stems from improper neutralization of input during web page generation, classified under CWE-79. This flaw allows an attacker to inject malicious scripts that are stored persistently within the wiki content and executed in the browsers of users who view the affected pages. The vulnerability affects Mediawiki versions prior to 1.39, specifically the master branch before this release. The CVSS 4.0 vector indicates the attack can be performed remotely over the network without requiring any privileges or user interaction, making it relatively easy to exploit. The impact on confidentiality, integrity, and availability is limited but non-negligible, as malicious scripts could lead to session hijacking, unauthorized actions on behalf of users, or data leakage. No known exploits have been reported in the wild yet, but the presence of stored XSS in a widely used wiki platform poses a significant risk, especially for organizations hosting sensitive or collaborative content. The vulnerability is particularly relevant for environments where Mediawiki is used with the BlueSky skin, which may be deployed in various enterprise and public sector contexts. The lack of available patches at the time of publication necessitates close monitoring and prompt application of updates once released. Additional mitigations include enforcing strict input validation, sanitization, and implementing Content Security Policies to restrict script execution. Overall, this vulnerability highlights the importance of secure coding practices in web application skins and templates that dynamically generate content.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized script execution within internal or public-facing Mediawiki instances, potentially resulting in session hijacking, credential theft, or unauthorized actions performed under the context of legitimate users. Organizations using Mediawiki for documentation, knowledge bases, or collaborative platforms may experience data integrity issues or exposure of sensitive information. Public sector entities and educational institutions that rely heavily on Mediawiki could be targeted to disrupt information sharing or to conduct espionage. While the vulnerability does not directly compromise system availability, the exploitation of stored XSS can facilitate further attacks such as phishing or malware delivery. The ease of exploitation without authentication increases the risk of automated or opportunistic attacks. Given the widespread use of Mediawiki in Europe, especially in countries with strong open-source adoption and Wikimedia community presence, the impact could be significant if not addressed promptly.
Mitigation Recommendations
European organizations should immediately assess their Mediawiki deployments to determine if the BlueSky skin is in use and verify the version of Mediawiki installed. The primary mitigation is to upgrade to Mediawiki version 1.39 or later once patches addressing this vulnerability are released. Until then, organizations should consider disabling or replacing the BlueSky skin with a non-vulnerable alternative. Implement strict input validation and sanitization on all user-generated content to prevent injection of malicious scripts. Deploy Content Security Policies (CSP) that restrict the execution of inline scripts and only allow trusted sources to execute scripts. Regularly audit wiki content for suspicious or unexpected scripts, especially in pages with high edit activity. Employ web application firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting Mediawiki. Educate users and administrators about the risks of XSS and encourage cautious handling of links and content within the wiki environment. Monitor security advisories from the Wikimedia Foundation for updates and patches related to this vulnerability.
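The recommendations above name three controls that a defender can actually check: contextual output encoding in the skin template (the fix class for CWE-79), a Content Security Policy that disallows inline script, and periodic audits of stored wiki content for markup that should never reach a page unescaped. The block below is an added example written for this page; it is not code from the BlueSky skin, from MediaWiki, or from the advisory. The heading template fragment, the CSP directive set, the suspicious-markup patterns and the sample revisions are all constructed for illustration, and the patterns are deliberately a small illustrative set rather than a complete XSS grammar.

```python
import html
import re
from dataclasses import dataclass

# Hypothetical skin template fragment: a page title derived from user-supplied
# content is placed into HTML. The class name is made up for this example.


def render_heading_unsafe(title: str) -> str:
    """Vulnerable pattern (CWE-79): untrusted text concatenated straight into markup."""
    return '<h1 class="firstHeading">' + title + "</h1>"


def render_heading_safe(title: str) -> str:
    """Hardened pattern: contextual output encoding for an HTML text node."""
    return '<h1 class="firstHeading">' + html.escape(title, quote=True) + "</h1>"


def build_csp() -> str:
    """Return a CSP value that blocks inline script and limits script sources to 'self'."""
    directives = {
        "default-src": ["'self'"],
        "script-src": ["'self'"],
        "object-src": ["'none'"],
        "base-uri": ["'self'"],
    }
    return "; ".join(f"{name} {' '.join(values)}" for name, values in directives.items())


def csp_blocks_inline_script(header: str) -> bool:
    """Parse a CSP header value and report whether arbitrary inline script is disallowed.

    The effective script directive is script-src, falling back to default-src.
    With neither present the browser default applies (everything allowed), so the
    policy does not block inline script. A policy containing 'unsafe-inline' does
    not block it either.
    """
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    effective = directives.get("script-src", directives.get("default-src"))
    if effective is None:
        return False
    return "'unsafe-inline'" not in effective


# Audit helper: flag stored revisions whose text carries markup that a skin or
# template should never emit verbatim. Illustrative patterns only.
SUSPICIOUS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=|<\s*iframe\b|<\s*svg\b",
    re.IGNORECASE,
)


@dataclass
class Revision:
    page: str
    rev_id: int
    text: str


def audit_revisions(revisions):
    """Return (page, rev_id, matched_text) for each revision containing suspicious markup."""
    findings = []
    for rev in revisions:
        m = SUSPICIOUS.search(rev.text)
        if m:
            findings.append((rev.page, rev.rev_id, m.group(0)))
    return findings


# Constructed sample revisions (not real wiki data). Revision 104 shows that
# already-escaped text (&lt;script&gt;) is not flagged, which is the desired outcome.
SAMPLE_REVISIONS = [
    Revision("Main_Page", 101, "Welcome to the wiki. See [[Help:Contents]]."),
    Revision("Project:Sandbox", 102, "Test <script>alert(1)</script> edit"),
    Revision("Team/Onboarding", 103, "Click [javascript:void(0) here]"),
    Revision("Docs/API", 104, "Use <code>&lt;script&gt;</code> tags carefully."),
]

if __name__ == "__main__":
    print(render_heading_unsafe("<b>x</b>"))
    print(render_heading_safe("<b>x</b>"))
    print(build_csp(), "blocks inline:", csp_blocks_inline_script(build_csp()))
    for page, rev_id, hit in audit_revisions(SAMPLE_REVISIONS):
        print(f"{page} rev {rev_id}: suspicious fragment {hit!r}")
```

The two `render_heading_*` functions differ by a single escaping call, which is the whole distance between the vulnerable and the fixed pattern for an HTML text-node context; attribute, URL and JavaScript contexts each need their own encoder. The CSP check treats a nonce- or hash-based policy as still blocking injected inline script, since those only authorize specific blocks the server chose. The audit regex is a triage aid to prioritize review of high-edit pages, not a sanitizer, and it will miss obfuscated or split payloads.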
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: wikimedia-foundation
- Date Reserved: 2025-10-18T04:03:51.879Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68f314568ff74c446c82ccd8
Added to database: 10/18/2025, 4:15:18 AM
Last enriched: 10/18/2025, 4:30:14 AM
Last updated: 10/19/2025, 2:53:39 PM