Browse all 107 CVE security advisories affecting Wikimedia Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Wikimedia Foundation operates the world’s largest collaborative encyclopedia platform, hosting Wikipedia and related projects that serve billions of monthly visitors. Its infrastructure relies on complex software stacks, including MediaWiki, which has historically been susceptible to various vulnerability classes. Common issues include cross-site scripting (XSS), SQL injection, and remote code execution (RCE) stemming from legacy code paths or misconfigurations. While the organization maintains a robust security posture with regular audits and bug bounty programs, the sheer scale of its codebase and the open nature of its editing model present unique challenges. Recent years have seen efforts to mitigate privilege escalation risks and improve input validation. Despite these ongoing technical hurdles, the Foundation remains a critical public resource, balancing transparency with the need to protect user data and system integrity against sophisticated cyber threats targeting its extensive digital footprint.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67478 | Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn" — CheckUser | 9.8 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-61658 | Special:GlobalContributions shows edits on wikis the viewer doesn't have access to — CheckUser | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-61651 | i18n XSS through Special:CheckUser CheckUser helper — CheckUser (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61648 | Stored XSS through system messages in CheckUser — CheckUser (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61649 | UserInfoCard: Check that performing user has permission to view log entries for number of past blocks — CheckUser | 9.1 (AI) | Critical (AI) | 2026-02-03 |
| CVE-2025-61650 | UserInfoCard is vulnerable to message key stored XSS — CheckUser (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-02-03 |
| CVE-2025-61647 | UserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rights — CheckUser | 9.8 (AI) | Critical (AI) | 2026-02-03 |
This page lists every published CVE security advisory associated with Wikimedia Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.