Vulnerability DatabaseCVE-2025-67481
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-67481
Published:February 03, 2026
Updated:May 16, 2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
Affected Packages
https://github.com/wikimedia/mediawiki.git (GITHUB):
Affected version(s) =1.45.0 <1.45.1
Fix Suggestion:
Update to version 1.45.1
https://github.com/wikimedia/mediawiki.git (GITHUB):
Affected version(s) >=1.43.0 <1.43.6
Fix Suggestion:
Update to version 1.43.6
https://github.com/wikimedia/mediawiki.git (GITHUB):
Affected version(s) >=1.39.0 <1.39.16
Fix Suggestion:
Update to version 1.39.16
https://github.com/wikimedia/mediawiki.git (GITHUB):
Affected version(s) >=1.44.0 <1.44.3
Fix Suggestion:
Update to version 1.44.3
Related Resources (1)
https://phabricator.wikimedia.org/T251032
Do you need more information?
Contact Us
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
EPSS
Base Score:
0.02