CVE-2025-67479


📋 TL;DR

This vulnerability in MediaWiki and its Cite extension allows attackers to inject malicious content through parser functions. It affects all MediaWiki installations running vulnerable versions, potentially compromising site integrity and user security.

💻 Affected Systems

Products:
  • MediaWiki
  • MediaWiki Cite extension
Versions: MediaWiki: before 1.39.14, 1.43.4, 1.44.1; Cite: before 1.39.14, 1.43.4, 1.44.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations using vulnerable versions; parser functions are core functionality

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete site compromise through remote code execution or persistent cross-site scripting affecting all users

🟠 Likely Case: Content injection leading to defacement, phishing, or privilege escalation through crafted parser output

🟢 If Mitigated: Limited impact with proper input validation and output encoding in place

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Parser function vulnerabilities typically require understanding MediaWiki's templating system

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MediaWiki 1.39.14, 1.43.4, 1.44.1; Cite 1.39.14, 1.43.4, 1.44.1

Vendor Advisory: https://phabricator.wikimedia.org/T407131

Restart Required: No

Instructions:

1. Back up your wiki database and files.
2. Update MediaWiki core to a patched version.
3. Update the Cite extension to a patched version.
4. Clear the parser cache via maintenance/runJobs.php if needed.

🔧 Temporary Workarounds

Disable vulnerable parser functions (applies to: all)

Temporarily disable specific parser functions in includes/Parser/CoreParserFunctions.php

# Edit LocalSettings.php and add: $wgDisableParserFunctions = true;

Restrict parser function usage (applies to: all)

Limit parser function execution to trusted users only

# In LocalSettings.php: $wgGroupPermissions['*']['parserfunction'] = false;

🧯 If You Can't Patch

  • Implement strict input validation for all user-generated content
  • Deploy web application firewall with parser function attack signatures

🔍 How to Verify

Check if Vulnerable:

Check MediaWiki version in includes/DefaultSettings.php or via Special:Version page

Check Version:

grep 'wgVersion' includes/DefaultSettings.php

Verify Fix Applied:

Confirm the installed version is 1.39.14, 1.43.4, or 1.44.1 or higher
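As an added example that is not part of this advisory, the following POSIX shell check reads the core version string out of a MediaWiki tree and compares it against the fixed releases listed above. It assumes the version appears either as `$wgVersion` in includes/DefaultSettings.php (as the grep above expects) or as the `MW_VERSION` constant in includes/Defines.php, where newer releases define it; branches the advisory does not list are reported as not confirmed fixed.

```shell
#!/bin/sh
# Added example, not from the advisory: compare a MediaWiki core version
# against the fixed releases this advisory lists (1.39.14, 1.43.4, 1.44.1).

# mw_is_patched VERSION -> returns 0 when VERSION is at or above the fixed
# release of its branch (or a newer branch), 1 otherwise. Branches the
# advisory does not list, such as 1.40-1.42, are treated as not confirmed fixed.
mw_is_patched() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0      # bare "1.44" has no patch level
    minor=${minor%%[!0-9]*}
    patch=${patch%%[!0-9]*}                # drop suffixes such as "-rc.0"
    [ -n "$patch" ] || patch=0
    [ "$major" = 1 ] && [ -n "$minor" ] || return 1
    case "$minor" in
        39) [ "$patch" -ge 14 ] ;;
        43) [ "$patch" -ge 4 ] ;;
        44) [ "$patch" -ge 1 ] ;;
        *)  [ "$minor" -ge 45 ] ;;         # later branches carry the fix
    esac
}

# mw_version_from_tree DIR -> prints the version string found in the tree,
# checking the MW_VERSION constant first and falling back to $wgVersion.
mw_version_from_tree() {
    dir=$1 v=
    if [ -f "$dir/includes/Defines.php" ]; then
        v=$(sed -n 's/.*MW_VERSION.,[^0-9]*\([0-9][0-9.]*\).*/\1/p' "$dir/includes/Defines.php")
    fi
    if [ -z "$v" ] && [ -f "$dir/includes/DefaultSettings.php" ]; then
        v=$(sed -n 's/.*\$wgVersion *=[^0-9]*\([0-9][0-9.]*\).*/\1/p' "$dir/includes/DefaultSettings.php")
    fi
    [ -n "$v" ] && printf '%s\n' "$v"
}

# Usage: sh mw-check.sh /path/to/mediawiki   (the path is a placeholder)
if [ "$#" -gt 0 ]; then
    v=$(mw_version_from_tree "$1") || { echo "no version string found under $1"; exit 2; }
    if mw_is_patched "$v"; then echo "$v: at or above the fixed release"
    else echo "$v: NOT confirmed fixed for this advisory"; fi
fi
```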

📡 Detection & Monitoring

Log Indicators:

  • Unusual parser function calls
  • Malformed template syntax in recent changes
  • Unexpected content in parser cache

Network Indicators:

  • HTTP requests with unusual parser syntax parameters
  • Patterns matching known parser injection payloads

SIEM Query:

source="mediawiki.log" AND ("ParserFunctions" OR "Sanitizer") AND (error OR warning)
