CVE-2025-67477


📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in MediaWiki's ApiSandboxLayout.js file that allows attackers to inject malicious scripts into web pages. It affects MediaWiki instances running vulnerable versions, potentially compromising users who view specially crafted pages. Administrators of MediaWiki installations should prioritize patching.

💻 Affected Systems

Products:
  • Wikimedia Foundation MediaWiki
Versions: all releases before 1.44.3 and before 1.45.1 (the fixed releases of the 1.44 and 1.45 branches)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the ApiSandboxLayout.js component specifically; requires the API sandbox feature to be accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, deface pages, or redirect users to malicious sites by injecting arbitrary JavaScript.

🟠 Likely Case

Targeted attacks against specific users through crafted links or content, potentially leading to account compromise or data theft.

🟢 If Mitigated

With proper Content Security Policy (CSP) headers and input validation, impact is reduced to limited script execution within sandboxed contexts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity; exploitation requires user interaction with malicious content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.44.3, 1.45.1

Vendor Advisory: https://phabricator.wikimedia.org/T406639

Restart Required: No

Instructions:

1. Back up your MediaWiki installation.
2. Update MediaWiki to version 1.44.3 or 1.45.1 using your package manager or a manual download.
3. Clear caches if necessary.

🔧 Temporary Workarounds

Disable API Sandbox (platforms: all)

Temporarily disable the API sandbox feature to prevent exploitation.

Add $wgEnableAPI sandbox = false; to LocalSettings.php

Implement CSP Headers (platforms: all)

Add Content Security Policy headers to limit script execution.

Add appropriate CSP directives to the web server configuration.

🧯 If You Can't Patch

  • Implement strict input validation and output encoding for all user inputs
  • Deploy a web application firewall (WAF) with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check MediaWiki version in Special:Version page or LocalSettings.php

Check Version:

grep 'wgVersion' LocalSettings.php

Verify Fix Applied:

Verify in Special:Version that the installed version is 1.44.3 or higher on the 1.44 branch, or 1.45.1 or higher on the 1.45 branch.
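An added version check, not taken from the advisory or from MediaWiki's own code, that applies the fixed-release rule branch by branch, which a plain "higher than" comparison gets wrong (1.45.0 sorts above 1.44.3 but is still unfixed). It assumes the installed version is read from the MW_VERSION constant in includes/Defines.php (MediaWiki 1.35 and later) and that 1.44 and 1.45 are the only branches with fixed releases; the Defines.php sample is constructed.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
# The trailing 1 marks a final release; pre-releases get 0 so they sort below it.
FIXED_RELEASES = {
    (1, 44): (1, 44, 3, 1),
    (1, 45): (1, 45, 1, 1),
}


def parse_version(text):
    """Parse MAJOR.MINOR.PATCH[-suffix] into a comparable tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)(\S*)", text)
    if not m:
        raise ValueError(f"not a MediaWiki release version: {text!r}")
    major, minor, patch = (int(p) for p in m.groups()[:3])
    final = 0 if m.group(4) else 1  # "-alpha", "-rc.1" etc. precede the final release
    return (major, minor, patch, final)


def is_fixed(version):
    """True if this release carries the fix for CVE-2025-67477.

    A release is fixed only when it is at or above the fixed release of its
    own branch. Branches newer than any listed branch are assumed to postdate
    the fix; older branches have no fixed release at all.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_RELEASES:
        return v >= FIXED_RELEASES[branch]
    return branch > max(FIXED_RELEASES)


def version_from_defines(defines_php):
    """Extract MW_VERSION from the text of includes/Defines.php."""
    m = re.search(r"define\(\s*'MW_VERSION'\s*,\s*'([^']+)'\s*\)", defines_php)
    if not m:
        raise ValueError("MW_VERSION not found in Defines.php")
    return m.group(1)


# Constructed excerpt of includes/Defines.php (assumed layout, not a real file dump).
SAMPLE_DEFINES = "<?php\n// ...\ndefine( 'MW_VERSION', '1.45.0' );\n"

if __name__ == "__main__":
    installed = version_from_defines(SAMPLE_DEFINES)
    print(installed, "fixed" if is_fixed(installed) else "VULNERABLE")
```

Point the script at the real includes/Defines.php of an installation (or paste the Special:Version string into is_fixed) to get a branch-aware answer instead of a bare version comparison.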

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript payloads in request logs
  • Multiple requests to ApiSandboxLayout.js with suspicious parameters

Network Indicators:

  • Script tags or JavaScript in API sandbox requests
  • Unexpected redirects from MediaWiki pages

SIEM Query:

source="*mediawiki*" AND ("ApiSandboxLayout" OR "<script>")
