CVE-2025-62658

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.

VectorNETWORK

Published Byc4f26cc8-17ff-4c99-b5e2-38fc1793eacc

Published DateOct 20, 2025, 21:15

Weakness Type (CWE):CWE-89

CVSS Metrics

Base Score

7.5

Vector String

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

PASSIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://phabricator.wikimedia.org/T406380

Base Score

HIGH7.5

Weakness Type (CWE):CWE-89

CVSS Metrics

Base Score

7.5

Vector String

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

PASSIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)