Search for vulnerabilities
Vulnerability ID | VCID-vge4-wfm4-r3dr |
Aliases |
CVE-2025-32072
|
Summary | Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43. |
Status | Published |
Exploitability | 0.5 |
Weighted Severity | 4.1 |
Risk | 2.0 |
Affected and Fixed Packages | Package Details |
Reference id | Reference type | URL |
---|---|---|
https://api.first.org/data/v1/epss?cve=CVE-2025-32072 | ||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072 | ||
1120134 | https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1120134 | |
CVE-2025-32072 | https://nvd.nist.gov/vuln/detail/CVE-2025-32072 | |
T386175 | https://phabricator.wikimedia.org/T386175 |
Attack Vector (AV) | Attack Complexity (AC) | Attack Requirements (AT) | Privileges Required (PR) | User Interaction (UI) | Vulnerable System Impact Confidentiality (VC) | Vulnerable System Impact Integrity (VI) | Vulnerable System Impact Availability (VA) | Subsequent System Impact Confidentiality (SC) | Subsequent System Impact Integrity (SI) | Subsequent System Impact Availability (SA) |
---|---|---|---|---|---|---|---|---|---|---|
network adjacent local physical |
low high |
none present |
none low high |
none passive active |
high low none |
high low none |
high low none |
high low none |
high low none |
high low none |
Attack Vector (AV) | Attack Complexity (AC) | Attack Requirements (AT) | Privileges Required (PR) | User Interaction (UI) | Vulnerable System Impact Confidentiality (VC) | Vulnerable System Impact Integrity (VI) | Vulnerable System Impact Availability (VA) | Subsequent System Impact Confidentiality (SC) | Subsequent System Impact Integrity (SI) | Subsequent System Impact Availability (SA) |
---|---|---|---|---|---|---|---|---|---|---|
network adjacent local physical |
low high |
none present |
none low high |
none passive active |
high low none |
high low none |
high low none |
high low none |
high low none |
high low none |
Percentile | 0.09789 |
EPSS Score | 0.00042 |
Published At | April 12, 2025, 12:55 p.m. |
Date | Actor | Action | Source | VulnerableCode Version |
---|---|---|---|---|
2025-04-11T20:06:10.478374+00:00 | Vulnrichment | Import | https://github.com/cisagov/vulnrichment/blob/develop/2025/32xxx/CVE-2025-32072.json | 36.0.0 |