Medium severity6.1GHSA Advisory· Published Jan 14, 2025· Updated Jun 17, 2026
CVE-2025-23081
CVE-2025-23081
Description
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mediawiki/data-transferPackagist | >= 1.39.0, < 1.39.11 | 1.39.11 |
mediawiki/data-transferPackagist | >= 1.41.0, < 1.41.3 | 1.41.3 |
mediawiki/data-transferPackagist | >= 1.42.0, < 1.42.2 | 1.42.2 |
Affected products
2- Range: >= 1.42.0, < 1.42.2
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-c3h5-h73c-29hqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-23081ghsaADVISORY
- gerrit.wikimedia.org/r/c/mediawiki/extensions/DataTransfer/+/1080451nvdWEB
- gerrit.wikimedia.org/r/c/mediawiki/extensions/DataTransfer/+/1093931nvdWEB
- gerrit.wikimedia.org/r/q/I5e1538a3bf66378810f905834c05626e1d2c82f0nvdWEB
- gerrit.wikimedia.org/r/q/I773c616db781d2f3f30893ad01ef503bf251a2b3nvdWEB
- gerrit.wikimedia.org/r/q/I7c9de4c8dcdb3276ba923c6bc7c8eef3531324c7nvdWEB
- gerrit.wikimedia.org/r/q/I9223c31f02f31f1e06e1a8cddf7d539cc8d3a3d9nvdWEB
- phabricator.wikimedia.org/T379749nvdWEB
News mentions
0No linked articles in our index yet.