CVE-2025-32699

State: PUBLISHED · Published: 2025-04-10 · Updated: 2025-11-03 · Assigner: wikimedia-foundation

Description

Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CWE-74 — CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Affected

Wikimedia Foundation / MediaWiki — v=0 <1.39.12, 1.42.6, 1.43.1 [affected]
Wikimedia Foundation / Parsoid — v=0 <0.16.5, 0.19.2, 0.20.2 [affected]

CVSS

4.0 score=2.1 severity=LOW CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/RE:M/U:Amber

References

https://phabricator.wikimedia.org/T387130

Source

cvelistV5-main/cves/2025/32xxx/CVE-2025-32699.json