MediaWiki's ApiSandbox Vulnerable to Cross-Site Scripting
CVE Notify has flagged a cross-site scripting (XSS) vulnerability, rated critical, in Wikimedia Foundation's MediaWiki software. The issue, tracked as CVE-2025-67477, is an improper neutralization of input during web page generation (the CWE-79 weakness class) in ApiSandboxLayout.js, part of the JavaScript front end for Special:ApiSandbox, the interactive interface MediaWiki ships for composing and testing API requests.
Input that reaches this code without being neutralized can be rendered as script in a page MediaWiki generates, so it runs in the browser of whoever loads that page. According to CVE Notify, the affected versions are all releases prior to 1.44.3 and 1.45.x releases prior to 1.45.1; 1.44.3 and 1.45.1 are the releases that carry the fix. A broad range of MediaWiki installations is therefore at risk until updated.
A script injected this way executes with the victim's MediaWiki session, so the usual XSS outcomes apply: session hijacking, credential theft, redirection to phishing pages, and actions performed through the API in the victim's name, since script running on the wiki's origin can fetch the victim's CSRF token from the same-origin API. MediaWiki is widely deployed well beyond Wikipedia and its sister projects; Wikimedia's own wikis are maintained by the Foundation, so it is the self-hosted installations that need prompt attention from their administrators.
What This Means For You
- Update every MediaWiki instance to 1.44.3 or later on the 1.44 branch, or 1.45.1 or later on the 1.45 branch, to close CVE-2025-67477. The advisory lists no other fixed release, so treat instances on older branches as affected until they are moved to a fixed branch.
- Confirm the running version rather than the intended one: Special:Version on each wiki, or the `generator` field returned by `api.php?action=query&meta=siteinfo&siprop=general`, reports what is actually deployed.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-67477 | XSS | Software: Wikimedia Foundation MediaWiki; Affected versions: < 1.44.3, and 1.45.x < 1.45.1; Vulnerable component: resources/src/mediawiki.special.apisandbox/ApiSandboxLayout.js |