CVE-2025-7362: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Wikimedia Foundation Mediawiki - MsUpload extension
The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
AI Analysis
Technical Summary
CVE-2025-7362 is a stored cross-site scripting (XSS) flaw, classified as CWE-79 (improper neutralization of input during web page generation), in the MsUpload extension for MediaWiki; the Wikimedia Foundation acted as the assigning CNA. MsUpload adds a drag-and-drop file upload panel to the wiki edit page. When a user adds a file whose name is already present, the extension shows the 'msu-continue' system message to ask whether to proceed, and it writes that message into the DOM as HTML rather than as text. Any markup contained in the message is therefore rendered and executed in the browser of whoever triggers the duplicate-filename prompt, within the origin of the wiki. The payload is stored in the message itself: like every MediaWiki system message, msu-continue can be customized on a page in the MediaWiki namespace (MediaWiki:Msu-continue, plus per-language subpages such as MediaWiki:Msu-continue/de), and a customization containing script fires for every affected user until it is reverted. One caveat a practitioner should weigh: editing pages in the MediaWiki namespace requires the editinterface right, which a default installation grants only to the administrator and interface-administrator groups, so on a stock wiki the payload has to be planted through a privileged account or the compromise of one. Once it runs, the script has the usual consequences of XSS: session hijacking, theft of credentials or tokens, and edits or uploads performed on behalf of the victim. Affected are the MsUpload release branches 1.39.x before 1.39.13, 1.42.x before 1.42.7 and 1.43.x before 1.43.2, which track the MediaWiki branches of the same numbers. At publication no CVSS score had been assigned and no exploitation in the wild was known. The flaw still matters to organizations running MediaWiki for collaborative content, because a stored XSS in a widely deployed extension reaches every user of the upload UI, not only the account that planted it.
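To make the sink concrete, here is an added JavaScript illustration. It is not MsUpload's code and does not reproduce the extension's actual DOM calls; it contrasts a message written into the DOM as HTML with the same message written as a text node, using a constructed message store in which one entry carries a hostile customization. The function names and the payload are illustrative, and findActiveMarkup() only approximates what a browser's HTML parser would instantiate from the string.

```javascript
// Added example, not MsUpload's code: why writing a system message into the
// DOM as HTML is a stored-XSS sink, and what the text-node alternative does.
// Runs under Node without a browser: the render functions return the markup a
// browser would parse, and findActiveMarkup() approximates what it would build.

// Constructed message store standing in for pages in the MediaWiki namespace
// (e.g. MediaWiki:Msu-continue). The second entry is a hostile customization.
const MESSAGES = {
  'msu-continue': 'A file with this name is already queued. Continue?',
  'msu-continue-tampered': 'Continue? <img src=x onerror="alert(document.cookie)">',
};

// Escape for the HTML text-node context (what element.textContent / $.text() give you).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the message is treated as markup (element.innerHTML = msg, $el.html(msg)).
function renderUnsafe(msg) {
  return `<div class="msu-warning">${msg}</div>`;
}

// Hardened pattern: the message becomes a text node (element.textContent = msg, $el.text(msg)).
function renderSafe(msg) {
  return `<div class="msu-warning">${escapeHtml(msg)}</div>`;
}

// Rough stand-in for the HTML parser: list the element names and inline event
// handler attributes the browser would instantiate from a markup string.
function findActiveMarkup(html) {
  const found = { tags: [], handlers: [] };
  const tagRe = /<([a-z][a-z0-9-]*)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    found.tags.push(m[1].toLowerCase());
    const attrRe = /\b(on[a-z]+)\s*=/gi;
    let a;
    while ((a = attrRe.exec(m[2])) !== null) found.handlers.push(a[1].toLowerCase());
  }
  return found;
}

// Render one stored message both ways and report what the browser would execute.
function compare(msgKey) {
  const msg = MESSAGES[msgKey];
  return {
    unsafe: findActiveMarkup(renderUnsafe(msg)),
    safe: findActiveMarkup(renderSafe(msg)),
  };
}

// Stand-alone usage: the tampered message yields an <img> with an onerror
// handler only on the unsafe path; the safe path yields the wrapper <div> alone.
for (const key of Object.keys(MESSAGES)) {
  console.log(key, JSON.stringify(compare(key)));
}
```

The point of the comparison is that the message string is identical on both paths; only the sink differs. Whether the markup comes from a customized MediaWiki-namespace page or from any other source, the fix is to hand it to the DOM as text (or to run it through MediaWiki's own message parser, which sanitizes) rather than as raw HTML.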
Potential Impact
For European organizations the exposure is greatest where MediaWiki with MsUpload backs an internal knowledge base, documentation site or public collaborative platform. A script running in a victim's browser under the wiki's origin can read whatever that user can read, submit edits and uploads as that user and, if the victim is an administrator, change user rights or site configuration pages, so both the confidentiality and the integrity of wiki content are at stake. The same foothold can serve phishing pages or malware downloads to employees and partners who trust the wiki. Because the payload lives in a stored system message, every user who triggers the duplicate-filename prompt in the upload UI is a potential victim, not only the account that planted it. Two factors bound the risk: planting the payload requires the editinterface right on a default configuration, and no exploitation in the wild was known at publication, so timely patching is very likely to close the window before abuse. Leaving it unpatched carries the usual consequences of a stored XSS on a platform that holds personal data: reputational damage, GDPR obligations if personal data is exposed, and operational disruption while accounts and content are cleaned up.
Mitigation Recommendations
Update the MsUpload extension to a fixed release of the branch you run: 1.39.13 or later for 1.39.x, 1.42.7 or later for 1.42.x, and 1.43.2 or later for 1.43.x. Extension releases follow MediaWiki's REL1_xx branches, so take the branch that matches your MediaWiki core version, or update core and extensions together to the corresponding security release. If patching must wait, the following steps reduce the risk. First, inspect MediaWiki:Msu-continue and any language subpages (MediaWiki:Msu-continue/xx) on the wiki: the default, uncustomized message carries no markup, so any tag, inline event-handler attribute or javascript: URL there is a red flag; revert it, then review the page history and the account that made the edit. Second, review who holds the editinterface right and keep it to the smallest set of trusted administrators. Third, consider temporarily disabling the extension by removing its wfLoadExtension( 'MsUpload' ) line from LocalSettings.php, or restrict file uploads where they are not needed. A Content Security Policy (MediaWiki exposes one through $wgCSPHeader) limits what an injected script can do but does not remove the injection point, so treat it as defence in depth rather than a fix. Monitor recent changes and logs for edits to pages in the MediaWiki namespace, and tell users to report unexpected prompts or redirects from the upload dialog. A web application firewall can add a further layer by flagging script markup in edits to MediaWiki-namespace pages, but because the payload is stored server-side and then served as ordinary page content, a WAF alone does not stop execution once the message has been tampered with.
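An added example of the first interim step above, written as a small Node script; it is not part of MediaWiki or MsUpload. It asks the wiki's Action API for the on-wiki customized copies of the message via meta=allmessages and flags any content that looks like markup. The function names, the User-Agent string, the WIKI_API environment variable, the language list and the sample response are assumptions introduced here; the API parameters (ammessages, amcustomised, amlang, formatversion) are MediaWiki's own.

```javascript
// Added example, not part of MediaWiki or MsUpload: audit a wiki's customized
// copy of the msu-continue message for markup. auditMessages() is pure and is
// exercised on a constructed sample below; fetchCustomisedMessages() performs
// the real Action API call (Node 18+ for global fetch) when WIKI_API is set.

// Messages to check. The advisory names msu-continue; extend the list to sweep
// other extension messages as well.
const MESSAGE_NAMES = ['msu-continue'];

// A plain-text UI message should never contain a tag, an inline event handler
// or a javascript: URL. Wikitext such as '''bold''' or [[links]] is not flagged.
const MARKUP_RE = /<\s*[a-z!\/]|\bjavascript\s*:|\bon[a-z]+\s*=/i;

// Pure check over an allmessages response (formatversion=2 shape): returns the
// customized messages whose content looks like markup.
function auditMessages(apiResponse) {
  const items = (apiResponse && apiResponse.query && apiResponse.query.allmessages) || [];
  return items
    .filter((m) => !m.missing && typeof m.content === 'string')
    .filter((m) => MARKUP_RE.test(m.content))
    .map((m) => ({ name: m.name, content: m.content }));
}

// Live query: only messages customized on-wiki (amcustomised=modified), one language per call.
async function fetchCustomisedMessages(apiUrl, lang = 'en', names = MESSAGE_NAMES) {
  const params = new URLSearchParams({
    action: 'query',
    meta: 'allmessages',
    ammessages: names.join('|'),
    amcustomised: 'modified',
    amlang: lang,
    format: 'json',
    formatversion: '2',
  });
  const res = await fetch(`${apiUrl}?${params}`, {
    headers: { 'User-Agent': 'msu-message-audit/1.0 (hypothetical audit script)' },
  });
  if (!res.ok) throw new Error(`Action API returned HTTP ${res.status}`);
  return res.json();
}

// Constructed sample response: one tampered copy of msu-continue and one
// harmless customized message (mainpage is a real core message key).
const SAMPLE_RESPONSE = {
  batchcomplete: true,
  query: {
    allmessages: [
      { name: 'msu-continue', content: 'Continue? <img src=x onerror="alert(document.domain)">' },
      { name: 'mainpage', content: 'Main Page' },
    ],
  },
};

// Stand-alone usage: audit the sample, then the live wiki if WIKI_API is set
// (e.g. WIKI_API=https://wiki.example.org/w/api.php). The language list is an
// assumption; customized translations live on subpages such as MediaWiki:Msu-continue/de.
async function main() {
  console.log('sample:', auditMessages(SAMPLE_RESPONSE));
  if (!process.env.WIKI_API) return;
  for (const lang of ['en', 'de', 'fr']) {
    const hits = auditMessages(await fetchCustomisedMessages(process.env.WIKI_API, lang));
    console.log(lang, hits.length ? hits : 'no suspicious customizations');
  }
}

main().catch((err) => { console.error(err); process.exitCode = 1; });
```

Run it once before patching to find out whether the message has already been tampered with, and once after, since the update fixes the sink but does not revert a hostile customization that is already stored on the wiki.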
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: wikimedia-foundation
- Date Reserved: 2025-07-08T17:18:05.309Z
- CVSS Version: null (no score assigned)
- State: PUBLISHED
Threat ID: 686d54576f40f0eb72f9310f
Added to database: 7/8/2025, 5:24:39 PM
Last enriched: 7/8/2025, 5:40:57 PM
Last updated: 7/8/2025, 7:03:21 PM
Related Threats
- CVE-2025-7209: NULL Pointer Dereference in 9fans plan9port (Medium)
- CVE-2025-34085: CWE-434 Unrestricted Upload of File with Dangerous Type in Element Engage LLC Simple File List WordPress Plugin (Critical)
- CVE-2025-34084: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in BoldGrid Total Upkeep (BoldGrid Backup) WordPress Plugin (Critical)
- CVE-2025-34083: CWE-434 Unrestricted Upload of File with Dangerous Type in AitThemes AIT CSV Import/Export WordPress Plugin (Critical)
- CVE-2025-34077: CWE-434 Unrestricted Upload of File with Dangerous Type in Genetech Solutions WordPress Pie Register Plugin (Critical)