Refine your search
1 vulnerability found for Mediawiki - DiscussionTools Extension by The Wikimedia Foundation
CVE-2025-11175 (GCVE-0-2025-11175)
Vulnerability from cvelistv5
Published
2026-01-30 19:12
Modified
2026-01-30 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Summary
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wikimedia Foundation | Mediawiki - DiscussionTools Extension |
Version: 1.44 Version: 1.43 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T19:28:31.141350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T19:29:08.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mediawiki - DiscussionTools Extension",
"vendor": "The Wikimedia Foundation",
"versions": [
{
"status": "affected",
"version": "1.44"
},
{
"status": "affected",
"version": "1.43"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matmarex"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Bartosz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027) vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.\u003cp\u003eThis issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027) vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43."
}
],
"impacts": [
{
"capecId": "CAPEC-492",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-492 Regular Expression Exponential Blowup"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T19:18:42.993Z",
"orgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"shortName": "wikimedia-foundation"
},
"references": [
{
"url": "https://phabricator.wikimedia.org/T396248"
},
{
"url": "https://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7"
},
{
"url": "https://phabricator.wikimedia.org/T364910"
},
{
"url": "https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DiscussionTools should use better regex",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc",
"assignerShortName": "wikimedia-foundation",
"cveId": "CVE-2025-11175",
"datePublished": "2026-01-30T19:12:06.648Z",
"dateReserved": "2025-09-29T19:08:06.212Z",
"dateUpdated": "2026-01-30T19:29:08.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}