CVE-2025-32072

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Mediawiki Core - Feed Utils versions 1.39 through 1.43

Description: The issue is related to improper encoding or escaping of output, which allows WebView Injection. This is a problem where output is not properly encoded or escaped, potentially leading to the injection of malicious content into a WebView.

Recommendations: For versions 1.39 through 1.43, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116

Related Identifiers

BDU:2025-13154

CVE-2025-32072

DLA-4249-1

DSA-5957-1

MGASA-2025-0260

Affected Products

Debian

Mediawiki

Red Os

CVE-2025-32072

Weakness Enumeration

Related Identifiers

Affected Products

References · 26