CVE-2025-62655 LOW

CVE-2025-62655: SQL injection in Cargo via Special:CargoExport

Vendor The Wikimedia Foundation
Product MediaWiki Cargo extension
Weakness CWE-89 · SQLi
Published October 17, 2025
Last update October 20, 2025

CVSS base score

2.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Passive
Confidentiality Low
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01 Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection. This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.

Key dates

02 Disclosure timeline

October 17, 2025 CVE published
October 20, 2025 Record updated