Description

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup. This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.

PUBLISHED Reserved 2025-09-29 | Published 2026-01-30 | Updated 2026-01-30 | Assigner wikimedia-foundation




HIGH: 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Product status

Default status: unaffected

1.44: affected

1.43: affected

Credits

Matmarex (finder)

Bartosz (remediation developer)

References

phabricator.wikimedia.org/T396248

gerrit.wikimedia.org/...19f3298a8740e158d130492bf3d2897784d7

phabricator.wikimedia.org/T364910

gerrit.wikimedia.org/...03ab1d3ec8c1719cbb5460a887e4d0c2cc6d

cve.org (CVE-2025-11175)

nvd.nist.gov (CVE-2025-11175)
