Medium severity 5.4 · NVD Advisory · Published Apr 11, 2025 · Updated Apr 15, 2026

CVE-2025-32069

Description

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Media Info Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Wikibase Media Info Extension: from 1.39 through 1.43.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2025-32069 is a stored XSS vulnerability in the Wikibase Media Info extension for MediaWiki, caused by improper input validation in WBMI serialization.

Vulnerability Description

CVE-2025-32069 is a stored cross-site scripting (XSS) vulnerability in the Wikibase Media Info (WBMI) extension for MediaWiki, affecting versions 1.39 through 1.43. The issue arises from improper input validation during WBMI serialization, which allows an attacker to inject malicious wikitext that is later rendered unsafely on file pages [1].

Attack Vector and Exploitation

The vulnerability is exploited by embedding crafted wikitext into a file page's metadata, which is then serialized and stored by the WBMI extension. When a user views the file page, the malicious script executes in the context of their browser session. No special authentication is required beyond the ability to edit file pages or upload files with manipulated metadata, making the attack surface broad for wikis with file uploads enabled [1].

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, account takeover, data theft, or defacement of the wiki. The stored nature of the XSS means the payload persists and affects all viewers of the compromised file page until remediation is applied [1].

Mitigation

The vulnerability has been resolved by the Wikimedia Foundation, as indicated by the closure of the associated Phabricator task [1]. Administrators should update the Wikibase Media Info extension to a patched version (beyond 1.43) immediately. As a workaround, disabling the WBMI extension or restricting file upload permissions can reduce exposure until patching is complete.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

References

2
