CVE-2025-43861 — MEDIUM (4.4)

Q: How severe is CVE-2025-43861?

CVE-2025-43861 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-43861?

Check the references section above for vendor advisories and patch information. Affected products include: Miraheze Managewiki.

Vulnerability Description

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Miraheze	Managewiki	< 2025-04-24

Related Weaknesses (CWE)

CWE-79

References

https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb1Patch
https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrvExploitPatchVendor Advisory

FAQ

What is CVE-2025-43861?

CVE-2025-43861 is a vulnerability with a CVSS score of 4.4 (MEDIUM). ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change ...

How severe is CVE-2025-43861?

CVE-2025-43861 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-43861?

Check the references section above for vendor advisories and patch information. Affected products include: Miraheze Managewiki.