CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.

CVSS

No CVSS.

References

Link	Resource
https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d
https://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7
https://phabricator.wikimedia.org/T364910
https://phabricator.wikimedia.org/T396248

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de Neutralización Incorrecta de Elementos Especiales utilizados en una Declaración de Lenguaje de Expresión ('Inyección de Lenguaje de Expresión') en la Extensión Mediawiki - DiscussionTools de La Fundación Wikimedia permite la Explosión Exponencial de Expresiones Regulares. Este problema afecta a la Extensión Mediawiki - DiscussionTools: 1.44, 1.43.

30 Jan 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-30 20:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-11175

Mitre link : CVE-2025-11175

CVE.ORG link : CVE-2025-11175

JSON object : View

Products Affected

No product.

CWE

CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

{"id": "CVE-2025-11175", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-30T20:16:40.393", "references": [{"url": "https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}, {"url": "https://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}, {"url": "https://phabricator.wikimedia.org/T364910", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}, {"url": "https://phabricator.wikimedia.org/T396248", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc", "description": [{"lang": "en", "value": "CWE-917"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43."}, {"lang": "es", "value": "Vulnerabilidad de Neutralizaci\u00f3n Incorrecta de Elementos Especiales utilizados en una Declaraci\u00f3n de Lenguaje de Expresi\u00f3n ('Inyecci\u00f3n de Lenguaje de Expresi\u00f3n') en la Extensi\u00f3n Mediawiki - DiscussionTools de La Fundaci\u00f3n Wikimedia permite la Explosi\u00f3n Exponencial de Expresiones Regulares. Este problema afecta a la Extensi\u00f3n Mediawiki - DiscussionTools: 1.44, 1.43."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "c4f26cc8-17ff-4c99-b5e2-38fc1793eacc"}