CVE-2025-49577
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-08-22
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| starcitizen.tools | citizen | to 3.3.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49577 is a stored Cross-Site Scripting (XSS) vulnerability in the Citizen MediaWiki skin. It occurs because various preference menu heading messages are inserted directly into the DOM as raw HTML without proper sanitization. An attacker who can edit these preference messages can inject arbitrary HTML, which leads to execution of malicious JavaScript when the preferences menu is opened. Although script tags are ineffective, the vulnerability allows stored XSS via unsanitized HTML insertion. [1]
How can this vulnerability impact me? :
This vulnerability can lead to high confidentiality and integrity impacts by allowing an attacker with editing privileges to inject malicious HTML and JavaScript into the preferences menu. This can result in unauthorized actions, data theft, or manipulation of user interface elements when users open the preferences menu. The attack requires high privileges but no user interaction, and it can be exploited remotely over the network. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your MediaWiki installation is using the Citizen skin version prior to 3.3.1 and if any preference messages (such as 'citizen-feature-custom-font-size-name') have been edited to include arbitrary HTML. Since the vulnerability involves stored XSS via preference messages inserted as raw HTML, you can inspect the preference messages for suspicious HTML content. There are no specific network detection commands provided, but you can audit the database or configuration for edited preference messages containing HTML tags or event handlers like 'onerror'. Additionally, reviewing the version of the Citizen skin installed can help detect if the vulnerable version is in use. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Citizen MediaWiki skin to version 3.3.1 or later, where this vulnerability has been fixed. If upgrading immediately is not possible, restrict editing privileges to trusted users only, as the vulnerability requires high privileges to exploit. Additionally, audit and sanitize any preference messages that can be edited to remove any injected HTML or scripts. Monitoring and limiting who can edit these messages reduces the risk of exploitation. [1]