CVE-2025-67483

N/A Unknown

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in MediaWiki's page preview JavaScript component. Attackers can inject malicious scripts that execute in users' browsers when they view specially crafted pages. This affects all MediaWiki installations running vulnerable versions.

💻 Affected Systems

Products:
  • Wikimedia Foundation MediaWiki
Versions: MediaWiki versions before 1.43.6, 1.44.3, and 1.45.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Page.Preview.js component in MediaWiki's resources directory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, deface pages, or redirect users to malicious sites.

🟠 Likely Case

Attackers inject malicious scripts to steal user session data or perform limited unauthorized actions.

🟢 If Mitigated

With proper input validation and output encoding, the impact is limited to script execution in specific contexts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity once the injection vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.43.6, 1.44.3, or 1.45.1

Vendor Advisory: https://phabricator.wikimedia.org/T409226

Restart Required: No

Instructions:

1. Back up your MediaWiki installation.
2. Update MediaWiki to version 1.43.6, 1.44.3, or 1.45.1.
3. Clear browser and server caches.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable Page Preview Feature

Temporarily disable the page preview functionality to prevent exploitation.

Edit LocalSettings.php and add:

$wgEnablePagePreview = false;

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Enable MediaWiki's built-in XSS protection features and input validation

🔍 How to Verify

Check if Vulnerable:

Check the MediaWiki version on the Special:Version page or by examining the installation files.

Check Version:

php maintenance/run.php version

Or, if the maintenance runner is unavailable, read the version constant directly from the installation files:

grep MW_VERSION includes/Defines.php

Verify Fix Applied:

Verify that the installed version is at or above the fixed release for its own branch: 1.43.6 or higher on 1.43, 1.44.3 or higher on 1.44, or 1.45.1 or higher on 1.45. Note that a version such as 1.44.0 is numerically above 1.43.6 but still vulnerable, because the 1.44 branch was only fixed in 1.44.3.
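As an added example (not part of the original advisory), the following branch-aware check implements the verification above. It accepts either a bare version string or a line of grep or Special:Version output; it assumes that branches older than 1.43 received no fix release and that a suffixed build (alpha, rc, custom) of a fixed version number does not yet carry the fix.

```python
import re
from typing import Tuple

# Fixed release on each maintained branch, from the advisory.
FIXED_BY_BRANCH = {
    (1, 43): (1, 43, 6),
    (1, 44): (1, 44, 3),
    (1, 45): (1, 45, 1),
}
OLDEST_FIXED = min(FIXED_BY_BRANCH.values())

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[-+]([\w.]+))?")


def parse_version(text: str) -> Tuple[Tuple[int, int, int], bool]:
    """Extract the first x.y.z[-suffix] token from a version string or from a
    line such as "define( 'MW_VERSION', '1.44.0' );" or "MediaWiki 1.44.0".

    Returns the numeric triple and whether a build suffix (alpha, rc, ...) is
    present. A suffixed build of a fixed number is conservatively treated as
    not yet carrying the fix.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no MediaWiki version found in {text!r}")
    triple = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return triple, m.group(4) is not None


def is_vulnerable(text: str) -> bool:
    """True if the version in `text` lacks the fix for CVE-2025-67483."""
    triple, suffixed = parse_version(text)
    fixed = FIXED_BY_BRANCH.get(triple[:2])
    if fixed is not None:
        # Compare against this branch's own fix: 1.44.0 is above 1.43.6
        # numerically but still vulnerable because the 1.44 fix is 1.44.3.
        return triple < fixed or (suffixed and triple == fixed)
    # Assumption: branches older than 1.43 got no fix release and fall under
    # the advisory's "before 1.43.6"; anything above the newest fixed branch
    # counts as fixed, per the advisory's "or higher".
    return triple < OLDEST_FIXED


if __name__ == "__main__":
    for sample in ("1.43.5", "1.44.0", "1.44.3", "1.45.1-rc.0", "1.46.0-alpha"):
        print(sample, "vulnerable" if is_vulnerable(sample) else "fixed")
```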

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript in page edit logs
  • Suspicious user agent strings in access logs

Network Indicators:

  • Unexpected script tags in HTTP responses
  • Suspicious redirects from MediaWiki pages

SIEM Query:

source="mediawiki.log" AND ("script" OR "javascript" OR "onclick" OR "onload")
