CVE-2025-62658

HIGH

MediaWiki WatchAnalytics <1.44 - SQL Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.

Scores

CVSS v4 7.5
EPSS 0.0022
EPSS Percentile 12.1%
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
The Wikimedia Foundation/MediaWiki WatchAnalytics extension 1.43
The Wikimedia Foundation/MediaWiki WatchAnalytics extension 1.44
Published Oct 20, 2025
Tracked Since Feb 18, 2026