CVE-2025-61645 in MediaWiki
Summary
by MITRE • 02/03/2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/pager/CodexTablePager.Php.
This issue affects MediaWiki: from * before 1.44.1.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 03/06/2026
This cross-site scripting vulnerability exists within the Wikimedia Foundation MediaWiki platform, specifically within the includes/pager/CodexTablePager.php program file. The flaw represents a classic improper neutralization of input during web page generation, allowing attackers to inject malicious scripts into web pages viewed by other users. The vulnerability affects all MediaWiki versions prior to 1.44.1, creating a significant security risk for organizations relying on this widely-used wiki platform. The issue stems from insufficient sanitization of user-supplied input that gets rendered in web page contexts, enabling attackers to execute arbitrary JavaScript code in the victim's browser.
The technical implementation of this vulnerability occurs when user input passes through the CodexTablePager component without proper HTML escaping or context-appropriate sanitization. When MediaWiki processes data for display in table formats, the input validation mechanisms fail to adequately neutralize potentially malicious content, creating an XSS attack vector. This flaw aligns with CWE-79, which specifically addresses cross-site scripting vulnerabilities where untrusted data is improperly integrated into web pages without appropriate sanitization or escaping. The vulnerability operates under the principle that user-provided content should never be trusted and must always be properly escaped for the specific output context where it will be rendered.
The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to perform session hijacking, deface websites, steal sensitive information, or redirect users to malicious domains. In a MediaWiki environment, this could allow unauthorized individuals to modify wiki content, access restricted pages, or compromise user sessions. The attack surface is particularly concerning given MediaWiki's widespread use across educational institutions, government organizations, and enterprise environments where sensitive information is frequently stored and shared. The vulnerability's exploitation requires minimal technical skill and can be automated, making it particularly dangerous in environments where multiple users contribute content. This aligns with ATT&CK technique T1566, which covers social engineering attacks that leverage web-based vulnerabilities to compromise systems.
Organizations should immediately implement the patch available in MediaWiki version 1.44.1 to remediate this vulnerability. Additionally, administrators should conduct comprehensive security reviews of all MediaWiki installations and implement proper input validation and output escaping mechanisms. The mitigation strategy should include regular security updates, input sanitization of all user-contributed content, and monitoring for suspicious activities in wiki environments. Network segmentation and web application firewalls can provide additional layers of protection while awaiting patch deployment. Security teams should also consider implementing content security policies to further limit the impact of potential XSS attacks and ensure that all user-generated content undergoes strict validation before being rendered in web contexts.