CVE-2025-62665 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79 affecting the BlueSky skin of the Mediawiki software maintained by the Wikimedia Foundation. The vulnerability exists due to improper neutralization of user-supplied input during the generation of web pages, which allows attackers to inject malicious JavaScript code that is stored persistently and executed in the context of users visiting the affected pages. This flaw affects Mediawiki versions prior to 1.39, specifically the BlueSky skin branch from the master codebase. The vulnerability does not require any authentication or user interaction to exploit, making it remotely exploitable over the network. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and partial impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The scope is limited to the vulnerable component (SC:N), but the impact can include theft of session tokens, defacement, or redirection to malicious sites. No public exploits or patches are currently available, but the issue is published and should be addressed promptly. The vulnerability primarily threatens organizations using Mediawiki with the BlueSky skin, which is common in knowledge management and documentation platforms. Given the nature of stored XSS, attackers can target multiple users and potentially escalate attacks to compromise user accounts or internal systems.

For European organizations, the impact of CVE-2025-62665 can be significant, especially for those relying on Mediawiki for internal or public-facing knowledge bases, documentation, or collaborative platforms. Successful exploitation could lead to session hijacking, unauthorized actions performed on behalf of users, defacement of content, or distribution of malware through injected scripts. This undermines the confidentiality and integrity of information and can disrupt availability by causing user distrust or triggering automated defenses that block access. Public sector entities, educational institutions, and research organizations in Europe often use Mediawiki extensively, making them attractive targets. The vulnerability could also be leveraged in supply chain attacks if attackers compromise widely used documentation portals. Although the CVSS score is medium, the ease of exploitation without authentication and user interaction increases the risk. The absence of known exploits in the wild currently reduces immediate threat but does not eliminate the potential for future attacks once exploit code becomes available.

To mitigate CVE-2025-62665, European organizations should prioritize upgrading Mediawiki installations to version 1.39 or later, where the vulnerability is addressed. If immediate upgrading is not feasible, administrators should disable or avoid using the BlueSky skin until patched. Implement strict input validation and output encoding mechanisms for any custom skins or extensions to prevent injection of malicious scripts. Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts and reduce the impact of XSS attacks. Regularly audit Mediawiki deployments for unauthorized content or suspicious script injections. Monitor web server and application logs for anomalous requests indicative of exploitation attempts. Educate users about the risks of XSS and encourage reporting of unusual behavior on Mediawiki platforms. Finally, maintain a robust incident response plan to quickly contain and remediate any detected exploitation.