CVE-2025-62693 is a stored Cross-site Scripting (XSS) vulnerability identified in the LastModified extension of Mediawiki, an open-source wiki platform widely used for collaborative content management. The vulnerability stems from improper neutralization of input during web page generation, classified under CWE-79. Specifically, the extension fails to adequately sanitize or encode user-supplied data before embedding it into web pages, allowing malicious actors to inject persistent scripts. These scripts execute in the context of users visiting affected wiki pages, potentially compromising user sessions, stealing cookies, or performing unauthorized actions on behalf of the user. The vulnerability affects versions of the LastModified extension prior to 1.39 on the master branch. The CVSS 4.0 vector indicates a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). No known exploits have been reported in the wild yet, but the nature of stored XSS makes it a significant risk for any Mediawiki deployment using the vulnerable extension. The Wikimedia Foundation has published the vulnerability details but has not yet released a patch, emphasizing the need for immediate attention from administrators. Stored XSS vulnerabilities are particularly dangerous because they can affect any user accessing the compromised content, potentially leading to widespread impact within an organization or community. The vulnerability's presence in a widely used extension increases the attack surface for Mediawiki installations globally.

For European organizations, the impact of CVE-2025-62693 can be substantial, especially for public sector entities, educational institutions, and enterprises that rely on Mediawiki for documentation, knowledge sharing, and collaboration. Exploitation of this stored XSS vulnerability could lead to unauthorized access to user accounts, theft of sensitive information such as authentication tokens or personal data, and manipulation or defacement of wiki content. This could undermine trust in internal knowledge bases and public-facing wikis, disrupt operations, and potentially expose organizations to compliance violations under regulations like GDPR if personal data is compromised. The vulnerability requires no authentication or user interaction, increasing the risk of automated or widespread exploitation. Additionally, attackers could use the vulnerability as a foothold to launch further attacks within the network or to distribute malware. The medium CVSS score reflects moderate impact, but the ease of exploitation and the persistence of stored XSS make it a credible threat that should not be underestimated.

1. Monitor official Wikimedia Foundation channels for patches or updates to the LastModified extension and apply them immediately upon release. 2. Until patches are available, consider disabling the LastModified extension if feasible to eliminate the attack vector. 3. Implement strict input validation and output encoding on all user-supplied data within the Mediawiki environment, especially in custom extensions or templates. 4. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS payloads. 5. Conduct regular security audits and penetration testing focused on web application vulnerabilities, including XSS, within Mediawiki installations. 6. Educate users and administrators about the risks of XSS and encourage vigilance for suspicious wiki content or behavior. 7. Use web application firewalls (WAFs) with rules tailored to detect and block XSS attack patterns targeting Mediawiki. 8. Review and limit user permissions to reduce the risk of malicious content injection by unauthorized users. 9. Maintain comprehensive logging and monitoring to detect exploitation attempts or unusual activity related to the vulnerability.