CVE-2025-11175

Summary

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.

Affected Software

VendorProductVersion RangeStatus
The Wikimedia FoundationMediawiki - DiscussionTools Extension1.44affected
The Wikimedia FoundationMediawiki - DiscussionTools Extension1.43affected

Weaknesses

  • CWE-917: CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References