Skip to main content

Mediawiki CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement (CWE-917)
2026-01-30 c4f26cc8-17ff-4c99-b5e2-38fc1793eacc
Mediawiki

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 30, 2026 - 20:16 nvd
N/A

DescriptionCVE.org

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.

AnalysisAI

Wikimedia Foundation Mediawiki - DiscussionTools Extension is affected by improper neutralization of special elements used in an expression language statement.

Technical ContextAI

This vulnerability (CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement) affects Wikimedia Foundation Mediawiki - DiscussionTools Extension. Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.

Affected ProductsAI

Product: Wikimedia Foundation Mediawiki - DiscussionTools Extension.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2025-11175 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy