CVE-2025-62658 HIGH

CVE-2025-62658: SQL injection in WatchAnalytics through Special:ClearPendingReviews

Vendor The Wikimedia Foundation
Product MediaWiki WatchAnalytics extension
Weakness CWE-89 · SQLi
Published October 20, 2025
Last update October 21, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01 Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.

Key dates

02 Disclosure timeline

October 20, 2025 CVE published
October 21, 2025 Record updated