CVE-2025-61637

N/A Unknown

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in MediaWiki's edit preview functionality. Attackers can inject malicious scripts that execute in users' browsers when they view page previews. This affects all MediaWiki installations running vulnerable versions.

💻 Affected Systems

Products:
  • Wikimedia Foundation MediaWiki
Versions: MediaWiki versions before 1.39.14, 1.43.4, and 1.44.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the edit preview functionality, which is implemented in client-side JavaScript; the vulnerable files are not named in this advisory.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, perform actions as authenticated users, deface pages, or redirect users to malicious sites.

🟠

Likely Case

Session hijacking, credential theft, or defacement of wiki pages through script injection.

🟢

If Mitigated

Limited impact if Content Security Policy (CSP) is properly configured and input validation is enforced elsewhere.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity, but specific exploit details are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.39.14, 1.43.4, or 1.44.1

Vendor Advisory: https://phabricator.wikimedia.org/T394856

Restart Required: No

Instructions:

1. Back up your MediaWiki installation.
2. Update to MediaWiki 1.39.14, 1.43.4, or 1.44.1.
3. Clear caches if necessary.

🔧 Temporary Workarounds

Disable Edit Preview

Platform: all

Temporarily disable the edit preview functionality to prevent exploitation.

Add $wgEnableEditPreview = false; to LocalSettings.php

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to mitigate script execution.
  • Enable input validation and output encoding for all user inputs in custom extensions.

🔍 How to Verify

Check if Vulnerable:

Check MediaWiki version in includes/DefaultSettings.php or via Special:Version page.

Check Version:

grep 'wgVersion' includes/DefaultSettings.php

Verify Fix Applied:

Verify that the version is 1.39.14, 1.43.4, or 1.44.1 or higher on its own release branch (for example, 1.43.0 is above 1.39.14 but is still vulnerable; it must be at least 1.43.4).
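The following is an added example, not part of this advisory, showing how to read the installed version from a MediaWiki tree and compare it against the fixed release of the matching branch. It reads the MW_VERSION constant from includes/Defines.php (where releases from 1.35 onward define it) and falls back to the legacy $wgVersion in includes/DefaultSettings.php for older trees. The sample file contents are constructed. Two assumptions are labelled in the code: branches not listed in the advisory but older than 1.45 (1.40 to 1.42 and anything before 1.39) are treated as unpatched, and 1.45 and later are treated as fixed.

```python
import re

# Fixed release per affected branch, taken from the advisory.
FIXED_VERSIONS = {
    (1, 39): (1, 39, 14),
    (1, 43): (1, 43, 4),
    (1, 44): (1, 44, 1),
}

# Constructed sample of includes/Defines.php (not a real file from any install).
SAMPLE_DEFINES = "<?php\n// constructed sample\ndefine( 'MW_VERSION', '1.43.3' );\n"


def parse_version(text):
    """Turn '1.39.13' (optionally with a suffix such as '-rc.0') into an int tuple."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def extract_version(defines_php, default_settings_php=""):
    """Read MW_VERSION from includes/Defines.php; fall back to the legacy
    $wgVersion assignment in includes/DefaultSettings.php for older trees."""
    m = re.search(r"define\(\s*'MW_VERSION'\s*,\s*'([^']+)'\s*\)", defines_php)
    if not m:
        m = re.search(r"\$wgVersion\s*=\s*'([^']+)'", default_settings_php)
    if not m:
        raise ValueError("no MW_VERSION or $wgVersion found")
    return m.group(1)


def is_vulnerable(version):
    """True if the version is below the fixed release of its own branch.

    Assumptions (not stated in the advisory): branches between or before the
    listed ones are end-of-life and carry no fix, so they count as vulnerable;
    1.45 and later are treated as fixed.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_VERSIONS:
        return v < FIXED_VERSIONS[branch]
    return v < (1, 45, 0)


def check_tree(defines_php, default_settings_php=""):
    """Return (version string, vulnerable?) for a tree's file contents."""
    version = extract_version(defines_php, default_settings_php)
    return version, is_vulnerable(version)


if __name__ == "__main__":
    # Against the constructed sample this reports ('1.43.3', True).
    # On a real install, read the files, e.g.:
    #   open('includes/Defines.php').read()
    print(check_tree(SAMPLE_DEFINES))
```

The branch-aware comparison is the point: a plain "is the version at least 1.39.14" check would wrongly pass 1.43.0 through 1.43.3.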

📡 Detection & Monitoring

Log Indicators:

  • Unusual edit preview requests with script tags or JavaScript in parameters

Network Indicators:

  • HTTP requests containing script injection patterns in edit preview endpoints

SIEM Query:

source="mediawiki.log" AND "preview" AND ("<script" OR "javascript:")
