SQL injection in WatchAnalytics through Special:ClearPendingReviews_CVE-2025-62658

7.5 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.

Basic Information

ID CVE-2025-62658

Source wikimedia-foundation

Published Oct 20, 2025 at 20:23

Modified Oct 20, 2025 at 20:39

Affected Product

Vendor The Wikimedia Foundation

Product MediaWiki WatchAnalytics extension

Version 1.43

Affected Versions The Wikimedia Foundation MediaWiki WatchAnalytics extension 1.43
The Wikimedia Foundation MediaWiki WatchAnalytics extension 1.44

CWE Classification

CWE-89

References

phabricator.wikimedia.org /T406380

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.",
    "published": "2025-10-20T20:23:22.126Z",
    "modified": "2025-10-20T20:39:20.628Z",
    "type": "cve",
    "title": "SQL injection in WatchAnalytics through Special:ClearPendingReviews",
    "source": "wikimedia-foundation",
    "references": "https://phabricator.wikimedia.org/T406380",
    "id": "CVE-2025-62658",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "The Wikimedia Foundation MediaWiki WatchAnalytics extension 1.43\nThe Wikimedia Foundation MediaWiki WatchAnalytics extension 1.44",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MediaWiki WatchAnalytics extension",
    "version": "1.43",
    "vendor": "The Wikimedia Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}