{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67477", "assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "state": "PUBLISHED", "assignerShortName": "wikimedia-foundation", "dateReserved": "2025-12-08T17:51:48.871Z", "datePublished": "2026-02-03T01:16:40.616Z", "dateUpdated": "2026-02-03T15:32:21.011Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MediaWiki", "programFiles": ["resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js"], "repo": "https://gerrit.wikimedia.org/g/mediawiki/core/+/refs/heads/master", "vendor": "Wikimedia Foundation", "versions": [{"lessThan": "1.44.3, 1.45.1", "status": "affected", "version": "*", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.<p> This vulnerability is associated with program files <tt>resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js</tt>.</p><p>This issue affects MediaWiki: from * before 1.44.3, 1.45.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js.\n\nThis issue affects MediaWiki: from * before 1.44.3, 1.45.1."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 0, "baseSeverity": "NONE", "exploitMaturity": "UNREPORTED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "shortName": "wikimedia-foundation", "dateUpdated": "2026-02-03T01:16:40.616Z"}, "references": [{"url": "https://phabricator.wikimedia.org/T406639"}], "source": {"discovery": "UNKNOWN"}, "title": "Stored XSS through a system message in Special:ApiSandbox", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T15:26:18.584943Z", "id": "CVE-2025-67477", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:32:21.011Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67477", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T15:26:18.584943Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:26:19.241Z"}}], "cna": {"title": "Stored XSS through a system message in Special:ApiSandbox", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gerrit.wikimedia.org/g/mediawiki/core/+/refs/heads/master", "vendor": "Wikimedia Foundation", "product": "MediaWiki", "versions": [{"status": "affected", "version": "*", "lessThan": "1.44.3, 1.45.1", "versionType": "semver"}], "programFiles": ["resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js"], "defaultStatus": "unaffected"}], "references": [{"url": "https://phabricator.wikimedia.org/T406639"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js.\n\nThis issue affects MediaWiki: from * before 1.44.3, 1.45.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki.<p> This vulnerability is associated with program files <tt>resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js</tt>.</p><p>This issue affects MediaWiki: from * before 1.44.3, 1.45.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "shortName": "wikimedia-foundation", "dateUpdated": "2026-02-03T01:16:40.616Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67477", "state": "PUBLISHED", "dateUpdated": "2026-02-03T15:32:21.011Z", "dateReserved": "2025-12-08T17:51:48.871Z", "assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "datePublished": "2026-02-03T01:16:40.616Z", "assignerShortName": "wikimedia-foundation"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "396251D9-A546-4D7C-B79E-E5A70828EB3E", "versionEndExcluding": "1.44.3", "versionStartIncluding": "1.44.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE14F82E-8C8A-43F0-9A96-D3767A62DFC8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js.\n\nThis issue affects MediaWiki: from * before 1.44.3, 1.45.1."}, {"lang": "es", "value": "Neutralizaci\u00f3n Incorrecta de Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web (XSS o 'cross-site scripting') vulnerabilidad en Wikimedia Foundation MediaWiki. Esta vulnerabilidad est\u00e1 asociada con los archivos de programa resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js.\n\nEste problema afecta a MediaWiki: desde * antes de 1.44.3, 1.45.1."}], "id": "CVE-2025-67477", "lastModified": "2026-04-09T20:32:13.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 0.0, "baseSeverity": "NONE", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "type": "Secondary"}]}, "published": "2026-02-03T02:16:08.707", "references": [{"source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "tags": ["Permissions Required"], "url": "https://phabricator.wikimedia.org/T406639"}], "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "type": "Secondary"}]}

{"bugzilla": {"description": "MediaWiki: MediaWiki: Cross-site Scripting vulnerability", "id": "2436175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436175"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["A flaw was found in MediaWiki. An Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), vulnerability exists in the `ApiSandboxLayout.Js` program file. This flaw could potentially allow an attacker with high privileges to inject malicious scripts into web pages. While the direct impact is not specified, XSS vulnerabilities typically enable client-side attacks."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, restrict the ability to modify system messages within MediaWiki to only trusted and authorized administrators. This operational control limits the attack surface by preventing unauthorized users from injecting malicious scripts into system messages that are processed by the Special:ApiSandbox feature. Consult MediaWiki documentation for specific instructions on managing user permissions related to interface message editing."}, "name": "CVE-2025-67477", "public_date": "2026-02-03T01:16:40Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-67477\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-67477\nhttps://phabricator.wikimedia.org/T406639"], "statement": "This vulnerability in MediaWiki allows for stored cross-site scripting (XSS) through a system message in the Special:ApiSandbox feature. An attacker with appropriate privileges to store system messages could inject malicious scripts, potentially leading to arbitrary code execution within a user's browser session. This impact is relevant to Red Hat customers deploying MediaWiki, particularly where untrusted users have permissions to modify system messages.", "threat_severity": "Moderate"}

{"created": "2026-02-04T12:14:39.848100+00:00", "updated": "2026-02-04T12:14:39.848126+00:00", "vendors": ["mediawiki", "mediawiki$PRODUCT$mediawiki", "wikimedia", "wikimedia$PRODUCT$mediawiki"]}