CVE-2025-61638

MEDIUM

MediaWiki <1.39.14, 1.43.4, 1.44.1 - XSS


Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-61638. PoCs published by adminlove520, gui-ying233.

AI-analyzed exploit summary: This repository contains a functional PoC for CVE-2025-61638, an XSS vulnerability in MediaWiki. The exploit uses Puppeteer to test for XSS by sending crafted API requests and checking the response for vulnerable behavior.

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki and Wikimedia Foundation Parsoid. The vulnerability is associated with the program files includes/parser/Sanitizer.php (MediaWiki core) and src/Core/Sanitizer.php (Parsoid). This issue affects MediaWiki: all versions before 1.39.14, 1.43.4 and 1.44.1; Parsoid: all versions before 0.16.6, 0.20.4 and 0.21.1.

Exploits (2)

Source: github · WORKING POC · 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-61638

This repository contains a functional PoC for CVE-2025-61638, an XSS vulnerability in MediaWiki. The exploit uses Puppeteer to test for XSS by sending crafted API requests and checking the response for vulnerable behavior.

Classification: Working PoC (95%)
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: MediaWiki (versions before 1.39, 1.43, and 1.44)
Auth required: yes
Prerequisites: Access to a vulnerable MediaWiki instance · Edit permissions on the target wiki
Analyzed by devstral-2 on Mar 04, 2026
Source: nomisec · WORKING POC · 1 star
by gui-ying233 · poc
https://github.com/gui-ying233/CVE-2025-61638

This PoC demonstrates a stored XSS vulnerability in MediaWiki by testing if arbitrary HTML attributes can be injected via wiki syntax parsing. It checks for edit permissions and confirms if the XSS payload executes.

Classification: Working PoC (90%)
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: MediaWiki (version not specified)
Auth required: yes
Prerequisites: Edit permissions on the target wiki · Access to the MediaWiki API
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 base score: 4.8
EPSS: 0.0023
EPSS Percentile: 14.0%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (4):
mediawiki/mediawiki < 1.39.14
wikimedia/parsoid < 0.16.6
Wikimedia Foundation/MediaWiki < 1.39.14, 1.43.4, 1.44.1
Wikimedia Foundation/Parsoid < 0.16.6, 0.20.4, 0.21.1
Published: Feb 03, 2026
Tracked Since: Feb 18, 2026