CVE-2025-61644
Unknown Unknown - Not Provided
Cross-Site Scripting in MediaWiki WatchlistTopSectionWidget.js

Publication date: 2026-02-03

Last updated on: 2026-02-03

Assigner: wikimedia-foundation

Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from * before > fb856ce9cf121e046305116852cca4899ecb48ca.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2026-02-03
EPSS Evaluated
2026-06-14
NVD
CVE-2025-61644
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wikimedia mediawiki From fb856ce9cf121e046305116852cca4899ecb48ca (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-61644 is a low-risk internationalization (i18n) cross-site scripting (XSS) vulnerability in the MediaWiki software, specifically affecting the Special:Watchlist page menu. It arises from unsafe handling of localized messages related to watchlist buttons, allowing an attacker with sufficient privileges (such as an admin or interface user) to inject malicious scripts via i18n message content. The vulnerability was introduced in a specific commit and fixed by sanitizing these messages to prevent XSS injection. [1]

Impact Analysis

If exploited, this vulnerability could allow an attacker with privileged access to inject malicious scripts into the Special:Watchlist page menu in MediaWiki. This could lead to unauthorized script execution in the context of privileged users, potentially compromising their accounts or actions. However, the risk is considered low because exploitation requires already having privileged access or bypassing code review processes. [1]

Detection Guidance

This vulnerability is an i18n cross-site scripting (XSS) issue affecting the Special:Watchlist page menu in MediaWiki, caused by unsafe handling of localized messages. Detection involves verifying if your MediaWiki instance includes the vulnerable commit (fb856ce9cf121e046305116852cca4899ecb48ca) or later. Since exploitation requires privileged user access and involves injection via i18n message content, detection can include reviewing the localized messages named rcfilters-watchlist-edit-watchlist-button and rcfilters-watchlist-edit-watchlist-preferences-button for unsafe content. There are no specific network or system commands provided to detect this vulnerability directly. Instead, checking your MediaWiki version and patch status is recommended. [1]

Mitigation Strategies

To mitigate this vulnerability, apply the security patch that properly sanitizes or escapes the affected i18n messages in MediaWiki core. The patch modifies two lines of code to prevent XSS injection and has been deployed to Wikimedia Foundation production. Ensuring your MediaWiki installation is updated to include this patch or a later version will mitigate the risk. Additionally, restrict privileged account access since exploitation requires such privileges. [1]

Compliance Impact

The vulnerability is a low-risk cross-site scripting (XSS) issue in MediaWiki that requires privileged user access to exploit. There is no direct information provided about its impact on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61644. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart