CVE-2025-62694
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-62694, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-21

Last updated on: 2025-10-21

Assigner: wikimedia-foundation

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affects Mediawiki - WikiLove Extension: 1.39.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-21
Last Modified
2025-10-21
Generated
2026-07-06
AI Q&A
2025-10-21
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
the_wikimedia_foundation mediawiki 1.43
the_wikimedia_foundation mediawiki 1.45.0-alpha
the_wikimedia_foundation wikilove *
the_wikimedia_foundation mediawiki 1.44
the_wikimedia_foundation mediawiki 1.39

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-62694 is a stored Cross-Site Scripting (XSS) vulnerability in the WikiLove extension of MediaWiki. It occurs because a system message (`wikilove-what-is-this-link`) is inserted directly into the href attribute of a link without proper validation or sanitization. An attacker can modify this message to include malicious JavaScript code, which executes when a user clicks the affected link, allowing the attacker to run arbitrary scripts in the user's browser. [1]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary JavaScript code in the context of users interacting with the WikiLove extension. This can lead to session hijacking, credential theft, or other malicious actions that compromise user accounts and data security. [1]

Detection Guidance

This vulnerability can be detected by checking if the system message `MediaWiki:Wikilove-what-is-this-link` contains unsafe JavaScript payloads in its href attribute. One way to detect it is to inspect the content of this system message for suspicious JavaScript URLs such as `javascript:alert(document.domain)`. Additionally, you can reproduce the issue by enabling the WikiLove tab in user preferences, visiting a user's talk page, clicking the heart icon, and middle-clicking the "What is this?" link to see if injected JavaScript executes. There are no specific network commands provided, but manual inspection or automated scanning of the system message content for unsafe href values is recommended. [1]

Mitigation Strategies

Immediate mitigation steps include sanitizing the URL used in the `wikilove-what-is-this-link` system message to allow only safe URLs such as HTTP or HTTPS. If you are using MediaWiki version 1.39 or similar, apply the available patch that restricts the href attribute to only HTTP and HTTPS URLs. Avoid using untrusted or user-controlled input directly in the href attribute without validation. Updating to a patched version of MediaWiki or the WikiLove extension that includes the fix is strongly recommended. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62694. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart