CVE-2025-32069

CVE-2025-32069: Wikitext stored XSS on filepages due to dangerous WBMI serialization

Vendor The Wikimedia Foundation
Product Mediawiki - Wikibase Media Info Extension
Weakness CWE-20 · Input validation
Published April 11, 2025
Last update July 7, 2025

CVSS base score

What the vulnerability does

01Description

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43.

Key dates

02Disclosure timeline

April 11, 2025 CVE published
July 7, 2025 Record updated