CVE-2025-62652 MEDIUM

CVE-2025-62652: Stored XSS in WebAuthn key name

Vendor The Wikimedia Foundation

Product MediaWiki WebAuthn extension

Weakness CWE-79 · XSS

Published October 17, 2025

Last update October 20, 2025

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:L/U:Amber

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.

Key dates

02Disclosure timeline

October 17, 2025 CVE published

October 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62652

Related vulnerabilities

Identifiers

CVE CVE-2025-62652

CWE CWE-79

CVSS 5.8 / MEDIUM

Affected versions

Vendor The Wikimedia Foundation

Product MediaWiki WebAuthn extension

Affected 1.39

Vendor The Wikimedia Foundation

Product MediaWiki WebAuthn extension

Affected 1.43

Vendor The Wikimedia Foundation

Product MediaWiki WebAuthn extension

Affected 1.44

CVE-2025-62652: Stored XSS in WebAuthn key name

01Description

02Disclosure timeline

03References

04Related CVE