CVE-2025-54865 HIGH

CVE-2025-54865: Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection

Vendor Ftb-Gamepedia
Product Tilesheets
Weakness CWE-89 · SQLi
Published August 5, 2025
Last update August 7, 2025
View on NVD All CVEs

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed.

Key dates

02Disclosure timeline

August 5, 2025 CVE published
August 7, 2025 Record updated