CVE-2025-61645

CVSS: N/A (severity unknown)

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in MediaWiki's CodexTablePager component (includes/pager/CodexTablePager.php) that lets an attacker get script executed in the browser of anyone who loads an affected page. It affects MediaWiki releases before 1.44.1 that ship this component. Script running in the wiki's origin can act as the viewing user (including an administrator) against the wiki and its API, or send that user to a malicious site.

💻 Affected Systems

Products:
  • Wikimedia Foundation MediaWiki
Versions: Releases before 1.44.1 that include CodexTablePager (fixed in 1.44.1)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in includes/pager/CodexTablePager.php (the component was added in the 1.44 series). Only installations whose tree contains that file are exposed; if the file is absent, this CVE does not apply regardless of version number. Check for the file as well as the version.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker who gets the payload in front of an interface administrator can use that session to edit site-wide JavaScript (MediaWiki:Common.js and similar), turning a one-off XSS into a persistent, wiki-wide compromise. From there defacement, takeover of other accounts and redirection of all visitors to phishing sites follow.

🟠

Likely Case

Actions performed as the victim through the wiki UI or API (edits, page moves, preference changes), defacement, and redirection to attacker-controlled sites. MediaWiki sets its session cookies HttpOnly by default ($wgCookieHttpOnly), so outright cookie theft is less likely than the script simply acting inside the victim's existing session.

🟢

If Mitigated

Limited impact where MediaWiki's own Content Security Policy ($wgCSPHeader) is enforced and privileged accounts are not used for day-to-day browsing. CSP has to be nonce-based to work with MediaWiki (see Temporary Workarounds); it reduces what an injected script can do but does not remove the injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

XSS needs a victim to load the crafted page or link, but once the injection point is known the payload itself is trivial to build.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.44.1

Vendor Advisory: https://phabricator.wikimedia.org/T403761

Restart Required: No

Instructions:

1. Back up your MediaWiki installation (including LocalSettings.php, images/, extensions/ and skins/) and the database.
2. Download MediaWiki 1.44.1 or later from https://www.mediawiki.org.
3. Unpack the release over the existing tree (or check out the matching release in git), keeping your LocalSettings.php, images/, and locally installed extensions and skins.
4. Run the updater from the installation root: php maintenance/update.php
5. Confirm Special:Version now reports 1.44.1 or later.

🔧 Temporary Workarounds

Backport the Upstream Fix

Platform: all

Apply the upstream change rather than hand-writing escaping into the pager

If you cannot move to 1.44.1 yet, take the change to includes/pager/CodexTablePager.php from the 1.44.1 release (diff it against your current tree, or follow the vendor advisory task) and apply that. Ad-hoc escaping added locally is easy to get wrong and will be overwritten by the next upgrade; the upstream change is the same code that ships in 1.44.1.

Content Security Policy

Platform: all

Enforce MediaWiki's built-in CSP to limit what an injected script can do

Do not add a bare Content-Security-Policy: default-src 'self'; script-src 'self' header at the web server: MediaWiki's ResourceLoader emits inline startup scripts, so that policy breaks page loading. Set $wgCSPHeader = true; in LocalSettings.php instead; MediaWiki then emits a nonce-based policy that allows its own inline scripts and blocks injected ones. Roll it out in report-only mode first and review the reports. This limits damage; it does not fix the injection.

🧯 If You Can't Patch

  • Put a WAF rule in front of index.php that inspects the URL-decoded (including double-encoded) query parameters of Special: pages, in particular the pager parameters sort, asc, desc, limit, offset and dir, for script markup. A rule that matches only a literal <script> string misses %3Cscript%3E.
  • Where your deployment allows, restrict the special pages built on CodexTablePager to logged-in or trusted users, and keep the number of interface administrators small so a stray XSS has fewer high-value victims.

🔍 How to Verify

Check if Vulnerable:

Check the running version on Special:Version, or via api.php?action=query&meta=siteinfo&siprop=general&format=json, whose generator field reads e.g. "MediaWiki 1.44.0". A version below 1.44.1 whose tree contains includes/pager/CodexTablePager.php is vulnerable. Note that $wgVersion in includes/DefaultSettings.php no longer exists in current releases; the version constant is MW_VERSION in includes/Defines.php.

Check Version:

grep 'MW_VERSION' includes/Defines.php

Verify Fix Applied:

Confirm Special:Version (or MW_VERSION in includes/Defines.php) reports 1.44.1 or later, then exercise the pager-driven special pages with harmless markup in the sort, limit and offset parameters (for example a value containing <b>x</b>) and confirm the response renders it escaped rather than as HTML.
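The check above, as an added example that is not part of the advisory or of MediaWiki itself. It reads the version either from a local includes/Defines.php (which carries define( 'MW_VERSION', '...' )) or from the siteinfo API response (whose generator field reads "MediaWiki x.y.z"), compares it against 1.44.1, and treats a tree without includes/pager/CodexTablePager.php as not affected. The PHP excerpt and JSON below are constructed samples; the path layout and API field names are standard MediaWiki.

```python
"""Added example: is a MediaWiki install in the affected range for CVE-2025-61645?

Affected = ships includes/pager/CodexTablePager.php AND version < 1.44.1.
Pre-release builds of a version (1.44.1-rc.0, 1.44.0-wmf.5) are treated as
older than the final release, so they count as unpatched.
"""
import json
import re
from pathlib import Path

FIXED_VERSION = (1, 44, 1, 1)  # (major, minor, patch, 1 = final release)

_DEFINE_RE = re.compile(r"define\(\s*'MW_VERSION',\s*'([^']+)'\s*\)")
_GENERATOR_RE = re.compile(r"MediaWiki\s+(\S+)")
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?")


def parse_version(text):
    """'1.44.0' -> (1, 44, 0, 1); '1.44.1-rc.0' -> (1, 44, 1, 0)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised MediaWiki version: {text!r}")
    major, minor, patch, prerelease = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if prerelease else 1)


def version_from_defines(php_source):
    """Extract the MW_VERSION constant from the text of includes/Defines.php."""
    m = _DEFINE_RE.search(php_source)
    if not m:
        raise ValueError("no MW_VERSION define found; very old release layout?")
    return m.group(1)


def version_from_siteinfo(json_text):
    """Extract the version from api.php?action=query&meta=siteinfo&siprop=general."""
    generator = json.loads(json_text)["query"]["general"]["generator"]
    m = _GENERATOR_RE.match(generator)
    if not m:
        raise ValueError(f"unexpected generator string: {generator!r}")
    return m.group(1)


def is_affected(version_str, has_codex_table_pager=True):
    """True when the install runs below 1.44.1 and ships the vulnerable component."""
    if not has_codex_table_pager:
        return False
    return parse_version(version_str) < FIXED_VERSION


def check_local_install(root):
    """Inspect an on-disk MediaWiki tree. Returns (version, affected)."""
    root = Path(root)
    version = version_from_defines((root / "includes" / "Defines.php").read_text())
    has_pager = (root / "includes" / "pager" / "CodexTablePager.php").is_file()
    return version, is_affected(version, has_pager)


# Constructed samples in the shape of the real artifacts.
SAMPLE_DEFINES_PHP = """<?php
// constructed excerpt shaped like includes/Defines.php
define( 'MW_VERSION', '1.44.0' );
"""
SAMPLE_SITEINFO_JSON = json.dumps(
    {"query": {"general": {"sitename": "Example Wiki", "generator": "MediaWiki 1.44.1"}}}
)

if __name__ == "__main__":
    local = version_from_defines(SAMPLE_DEFINES_PHP)
    remote = version_from_siteinfo(SAMPLE_SITEINFO_JSON)
    print(f"Defines.php sample: {local} affected={is_affected(local)}")
    print(f"siteinfo sample:    {remote} affected={is_affected(remote)}")
```

For a live wiki, feed `version_from_siteinfo` the body of `api.php?action=query&meta=siteinfo&siprop=general&format=json`; for a local tree, call `check_local_install("/var/www/mediawiki")`, which also performs the file-presence check that a bare version comparison skips.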

📡 Detection & Monitoring

Log Indicators:

  • Requests to index.php for Special: pages whose pager parameters (sort, asc, desc, limit, offset, dir) carry markup or JavaScript, in raw or URL-encoded form
  • Bursts of such requests from one source, or the same crafted URL fetched by many distinct users, which suggests a link being circulated

Network Indicators:

  • HTTP requests carrying script markup in table-related query parameters; URL-decode before matching, since payloads usually arrive as %3Cscript%3E rather than <script>
  • Wiki pages that trigger requests or redirects to hosts outside the wiki's own domain

SIEM Query:

source="web_logs" AND url="*index.php*title=Special:*" AND (url="*sort=*" OR url="*asc=*" OR url="*desc=*" OR url="*limit=*" OR url="*offset=*" OR url="*dir=*") AND (url="*<script*" OR url="*%3Cscript*" OR url="*javascript:*" OR url="*onerror=*" OR url="*onload=*")
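The same detection applied to raw access logs, as an added example that is not part of the advisory. Unlike a literal string match, it parses each combined-format log line, URL-decodes every query parameter (repeatedly, to catch double encoding), and flags script markers, recording whether the hit landed in one of MediaWiki's pager parameters. The log lines are constructed; Special:SomeListPage is a placeholder page name, not a real MediaWiki special page.

```python
"""Added example: scan Apache/nginx combined-format access logs for XSS
payloads aimed at MediaWiki pager parameters (CVE-2025-61645 hunting)."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined log format: ip ident user [time] "METHOD target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Markers worth alerting on once the value is fully decoded.
XSS_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|on(?:error|load|mouseover|focus)\s*=|<\s*(?:img|svg|iframe)\b",
    re.I,
)

# Query parameters MediaWiki's table pagers read from the URL.
PAGER_PARAMS = {"sort", "asc", "desc", "limit", "offset", "dir"}


def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (stops early when stable)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    hits = []
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl already removed one layer
        if XSS_MARKERS.search(value):
            hits.append((key, value))
    if not hits:
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "status": m.group("status"),
        "path": parts.path,
        "params": hits,
        "pager_param": any(key in PAGER_PARAMS for key, _ in hits),
    }


def scan_log(lines):
    """Scan an iterable of log lines and return the findings in order."""
    return [finding for finding in map(scan_line, lines) if finding]


# Constructed sample log; Special:SomeListPage is a placeholder name.
SAMPLE_ACCESS_LOG = [
    # encoded <script> in the pager's sort parameter
    '203.0.113.7 - - [10/Oct/2025:12:00:01 +0000] "GET /w/index.php?title=Special:SomeListPage'
    '&sort=%3Cscript%3Ealert(1)%3C%2Fscript%3E&limit=50 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    # ordinary page view, nothing to flag
    '198.51.100.4 - - [10/Oct/2025:12:00:02 +0000] "GET /wiki/Main_Page HTTP/1.1" 200 20481 "-" "Mozilla/5.0"',
    # legitimate pager navigation, nothing to flag
    '198.51.100.4 - - [10/Oct/2025:12:00:03 +0000] "GET /w/index.php?title=Special:SomeListPage'
    '&sort=timestamp&asc=1&limit=100 HTTP/1.1" 200 7012 "-" "Mozilla/5.0"',
    # double-encoded img/onerror payload in offset; a literal "<script>" match misses this
    '203.0.113.7 - - [10/Oct/2025:12:00:09 +0000] "GET /w/index.php?title=Special:SomeListPage'
    '&limit=50&offset=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5130 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_ACCESS_LOG):
        flag = "PAGER" if finding["pager_param"] else "other"
        print(f'{finding["ts"]} {finding["ip"]} {flag} {finding["path"]} {finding["params"]}')
```

Run it over a real log with `scan_log(open("/var/log/apache2/access.log"))`; the `pager_param` flag separates hits on the parameters this CVE concerns from generic XSS probing elsewhere in the query string.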
