CVE-2025-61644
Cross-Site Scripting in MediaWiki WatchlistTopSectionWidget.js
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: wikimedia-foundation
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wikimedia | mediawiki | From fb856ce9cf121e046305116852cca4899ecb48ca (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability is a low-risk cross-site scripting (XSS) issue in MediaWiki that requires privileged user access to exploit. There is no direct information provided about its impact on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2025-61644 is a low-risk internationalization (i18n) cross-site scripting (XSS) vulnerability in the MediaWiki software, specifically affecting the Special:Watchlist page menu. It arises from unsafe handling of localized messages related to watchlist buttons, allowing an attacker with sufficient privileges (such as an admin or interface user) to inject malicious scripts via i18n message content. The vulnerability was introduced in a specific commit and fixed by sanitizing these messages to prevent XSS injection. [1]
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with privileged access to inject malicious scripts into the Special:Watchlist page menu in MediaWiki. This could lead to unauthorized script execution in the context of privileged users, potentially compromising their accounts or actions. However, the risk is considered low because exploitation requires already having privileged access or bypassing code review processes. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is an i18n cross-site scripting (XSS) issue affecting the Special:Watchlist page menu in MediaWiki, caused by unsafe handling of localized messages. Detection involves verifying if your MediaWiki instance includes the vulnerable commit (fb856ce9cf121e046305116852cca4899ecb48ca) or later. Since exploitation requires privileged user access and involves injection via i18n message content, detection can include reviewing the localized messages named rcfilters-watchlist-edit-watchlist-button and rcfilters-watchlist-edit-watchlist-preferences-button for unsafe content. There are no specific network or system commands provided to detect this vulnerability directly. Instead, checking your MediaWiki version and patch status is recommended. [1]
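As an added defender-side check, not code from the advisory or from MediaWiki itself, the following Python script builds the MediaWiki API query that returns the two messages named above and flags any returned content that carries HTML markup, which a plain-text button label should never contain. The API endpoint URL and the sample response are constructed assumptions.

```python
import json
import re
from urllib.parse import urlencode

# The two interface messages the advisory names for manual review.
WATCHLIST_BUTTON_MESSAGES = (
    "rcfilters-watchlist-edit-watchlist-button",
    "rcfilters-watchlist-edit-watchlist-preferences-button",
)

# Anything that looks like an HTML tag, an HTML entity or an inline event
# handler attribute has no business in a plain-text button label.
_MARKUP_RE = re.compile(r"<[^>]*>|&#?\w+;|\bon\w+\s*=", re.IGNORECASE)


def build_allmessages_url(api_endpoint: str, lang: str = "en") -> str:
    """URL for MediaWiki's action=query&meta=allmessages call for both messages."""
    params = {
        "action": "query",
        "meta": "allmessages",
        "ammessages": "|".join(WATCHLIST_BUTTON_MESSAGES),
        "amlang": lang,
        "format": "json",
    }
    return f"{api_endpoint}?{urlencode(params)}"


def find_unsafe_messages(allmessages_json: str) -> dict[str, str]:
    """Map message name -> content for every audited message that carries markup."""
    data = json.loads(allmessages_json)
    flagged = {}
    for msg in data.get("query", {}).get("allmessages", []):
        name = msg.get("name", "")
        if "missing" in msg or name not in WATCHLIST_BUTTON_MESSAGES:
            continue  # not defined on this wiki, or not one of the audited messages
        content = msg.get("content", "")
        if _MARKUP_RE.search(content):
            flagged[name] = content
    return flagged


# Constructed sample response (not real wiki data): the first message is a
# plain-text label, the second has been overridden with HTML markup.
SAMPLE_RESPONSE = json.dumps({
    "batchcomplete": "",
    "query": {"allmessages": [
        {"name": WATCHLIST_BUTTON_MESSAGES[0], "content": "Edit your list of watched pages"},
        {"name": WATCHLIST_BUTTON_MESSAGES[1],
         "content": "Edit watchlist <span title=\"x\">preferences</span>"},
    ]},
})

if __name__ == "__main__":
    print(build_allmessages_url("https://wiki.example.org/w/api.php"))  # assumed endpoint
    for name, content in find_unsafe_messages(SAMPLE_RESPONSE).items():
        print(f"REVIEW {name}: {content!r}")
```

A flagged message only means someone with interface-edit rights changed it; on an unpatched instance that content reaches the watchlist menu unescaped, so review it and apply the fix.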
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the security patch that properly sanitizes or escapes the affected i18n messages in MediaWiki core. The patch modifies two lines of code to prevent XSS injection and has been deployed to Wikimedia Foundation production. Ensuring your MediaWiki installation is updated to include this patch or a later version will mitigate the risk. Additionally, restrict privileged account access since exploitation requires such privileges. [1]