MediaWiki PageHTMLHandler PHP RCE before 1.39.14/1.43.4/1.44.1
CVE-2025-61634 Published on February 2, 2026

HTML rest endpoint needs PoolCounter and proper parser cache check
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.

NVD

Products Associated with CVE-2025-61634

stack.watch emails you whenever new vulnerabilities are published in Wikimedia Mediawiki or MediaWiki. Just hit a watch button to start following.

Wikimedia Mediawiki

MediaWiki

Affected Versions

Wikimedia Foundation MediaWiki:

Version * and below 1.39.14, 1.43.4, 1.44.1 is affected.

Exploit Probability

EPSS

0.02%

Percentile

3.48%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

MediaWiki PageHTMLHandler PHP RCE before 1.39.14/1.43.4/1.44.1CVE-2025-61634 Published on February 2, 2026

Products Associated with CVE-2025-61634

Affected Versions

Exploit Probability

MediaWiki PageHTMLHandler PHP RCE before 1.39.14/1.43.4/1.44.1
CVE-2025-61634 Published on February 2, 2026