CVE-2025-62667 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, found in the GrowthExperiments extension of Mediawiki, an open-source wiki platform widely used for collaborative content management. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, allowing malicious scripts to be stored persistently within the application. When a victim accesses the affected page, the malicious script executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The affected versions include the master branch before version 1.39 of the GrowthExperiments extension. The CVSS 4.0 base score is 6.9 (medium severity), reflecting that the vulnerability can be exploited remotely without authentication or user interaction, but with limited impact on confidentiality, integrity, and availability. The vulnerability is notable because it affects a component of Mediawiki that may be used in environments requiring high trust, such as educational institutions, government portals, and knowledge bases. No patches or known exploits are currently reported, but the risk remains significant given the nature of stored XSS attacks. The vulnerability's exploitation vector is network-based, requiring only that an attacker submit crafted input that is then rendered unsafely by the extension. This flaw highlights the importance of rigorous input validation and output encoding in web applications, especially those handling user-generated content.

For European organizations, the impact of CVE-2025-62667 can be substantial, particularly for those relying on Mediawiki for internal knowledge management, documentation, or public-facing information portals. Successful exploitation could lead to session hijacking, unauthorized access to sensitive information, defacement of content, or distribution of malware via injected scripts. This could damage organizational reputation, lead to data breaches, and disrupt operations. Since the vulnerability does not require authentication or user interaction, attackers can target any user visiting the compromised pages, increasing the attack surface. Public sector entities, universities, and research institutions in Europe that use Mediawiki extensively are at heightened risk. Additionally, the vulnerability could be leveraged in targeted attacks against high-profile European organizations to conduct espionage or sabotage. The medium severity score suggests a moderate but non-negligible risk, emphasizing the need for timely remediation to prevent exploitation.

1. Apply official patches or updates from The Wikimedia Foundation as soon as they become available for the GrowthExperiments extension, specifically upgrading to version 1.39 or later. 2. If immediate patching is not possible, disable or remove the GrowthExperiments extension to eliminate the attack vector. 3. Implement strict input validation and output encoding on all user-supplied data within the Mediawiki environment, ensuring that scripts or HTML tags are properly sanitized before rendering. 4. Deploy a robust Content Security Policy (CSP) that restricts the execution of inline scripts and limits sources of executable code to trusted domains only. 5. Conduct regular security audits and code reviews of custom extensions or modifications to Mediawiki to detect similar vulnerabilities. 6. Educate administrators and users about the risks of XSS and encourage cautious behavior when interacting with wiki content. 7. Monitor web server logs and application behavior for unusual activities that may indicate exploitation attempts. 8. Consider using web application firewalls (WAF) with rules designed to detect and block XSS payloads targeting Mediawiki installations.