CVE-2025-62668: CWE-276 Incorrect Default Permissions in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension
Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure. This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39.
AI Analysis
Technical Summary
CVE-2025-62668 is a vulnerability identified in the GrowthExperiments Extension of the Mediawiki platform maintained by the Wikimedia Foundation. The root cause is incorrect default permissions (classified under CWE-276), which means that the extension’s files or resources are accessible with overly permissive settings by default. This misconfiguration can lead to resource leak exposure, where sensitive internal data or experimental configurations might be unintentionally exposed to unauthorized users. The vulnerability affects the master branch of the extension before version 1.39. According to the CVSS 4.0 vector, the attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The vulnerability impacts confidentiality, integrity, and availability to a low degree individually but collectively results in a medium severity rating of 6.9. No known exploits have been reported in the wild, and no official patches have been released at the time of publication. The vulnerability’s exposure risk is heightened in environments where Mediawiki is publicly accessible or used for sensitive collaborative projects. The GrowthExperiments Extension is typically used to conduct A/B testing or feature rollouts, so leaked data could reveal internal testing parameters or user behavior analytics, potentially aiding attackers in crafting targeted attacks or social engineering campaigns.
Potential Impact
For European organizations, especially those relying on Mediawiki for internal documentation, knowledge management, or collaborative projects, this vulnerability poses a risk of unauthorized data exposure. Confidential information related to experimental features or user interactions could be leaked, undermining privacy and competitive advantage. Public-facing Mediawiki instances could inadvertently expose sensitive configuration or experimental data to external attackers, increasing the risk of reconnaissance and follow-on attacks. The impact on integrity is moderate, as attackers might manipulate or infer internal testing states, potentially affecting decision-making processes. Availability impact is low but should not be discounted if resource leaks lead to denial of service or resource exhaustion. The vulnerability is particularly relevant for public institutions, research organizations, and enterprises in Europe that use Mediawiki extensively, as they often handle sensitive or regulated data. Compliance with GDPR and other data protection regulations could be jeopardized if personal or confidential data is exposed through this flaw.
Mitigation Recommendations
European organizations should immediately audit the permissions of the GrowthExperiments Extension files and directories within their Mediawiki deployments. Restrict access to only necessary users and services, ensuring that default permissions are tightened beyond the vulnerable defaults. Implement network-level access controls such as IP whitelisting or VPN requirements for accessing Mediawiki instances hosting this extension. Monitor logs for unusual access patterns or data exfiltration attempts related to the extension. Since no official patch is available yet, consider disabling the GrowthExperiments Extension temporarily if it is not critical to operations. Engage with the Wikimedia Foundation or community to track patch releases and apply updates promptly once available. Additionally, conduct internal security reviews to identify any sensitive data that may have been exposed and perform impact assessments. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the extension. Finally, educate administrators and developers about secure permission configurations to prevent similar issues in other extensions or customizations.
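The first recommendation above, auditing the extension's files and directories for loose permissions and tightening them, can be scripted. The script below is an added example and is not code from the advisory, from the Wikimedia Foundation, or from the GrowthExperiments project. The extension path in EXT_DIR is an assumption (adjust it to your installation), and the sample tree built by make_sample_tree is constructed so the script can be run stand-alone.

```shell
#!/bin/sh
# Added example, not part of the advisory. Audits a MediaWiki extension tree for
# entries writable by group or by everyone (the loose-default pattern CWE-276
# describes) and tightens them to owner-writable only.
# EXT_DIR is an assumed path; point it at your own extensions directory.
EXT_DIR="${EXT_DIR:-/var/www/mediawiki/extensions/GrowthExperiments}"

# Print every file or directory under $1 whose mode has the group-write (020)
# or other-write (002) bit set. Octal masks keep this portable across GNU,
# BSD and busybox find.
audit_perms() {
    find "$1" \( -perm -020 -o -perm -002 \) -print
}

# Print the number of loose entries under $1; 0 means the tree is clean.
count_loose() {
    audit_perms "$1" | wc -l | tr -d ' '
}

# Tighten: directories 755, files 644 (only the owner may write). Run this only
# after confirming the owner is the account that deploys the extension, not
# the web server account, otherwise the web process keeps write access.
tighten_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree (not real extension content) for the demonstration.
# Returns its path on stdout; three of its entries are deliberately loose.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/includes" "$d/resources"
    chmod 755 "$d/includes"
    chmod 777 "$d/resources"                     # world-writable dir: flagged
    printf '<?php\n' > "$d/extension.php"
    chmod 644 "$d/extension.php"                 # owner-writable only: clean
    printf '{}\n' > "$d/extension.json"
    chmod 664 "$d/extension.json"                # group-writable: flagged
    printf '\n' > "$d/resources/init.js"
    chmod 666 "$d/resources/init.js"             # world-writable: flagged
    printf '%s\n' "$d"
}

# Stand-alone demo: audit the sample tree, tighten it, audit again.
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_tree)
    echo "before: $(count_loose "$sample") loose entries"
    audit_perms "$sample"
    tighten_perms "$sample"
    echo "after:  $(count_loose "$sample") loose entries"
    rm -rf "$sample"
fi
```

Run `sh audit.sh --demo` to see the constructed tree go from three flagged entries to none. Against a real deployment, call `audit_perms "$EXT_DIR"` first and review the list; apply `tighten_perms` only once you have confirmed the file owner, since changing modes on files owned by the web server account does not remove that account's ability to rewrite them.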
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: wikimedia-foundation
- Date Reserved: 2025-10-18T04:03:51.880Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68f31bbeeba81d1dad79f298
Added to database: 10/18/2025, 4:46:54 AM
Last enriched: 10/18/2025, 5:02:05 AM
Last updated: 10/19/2025, 9:50:35 AM