MediaWiki <=1.39.13, 1.43.3, 1.44.0 ParserSanitizer RCE
CVE-2025-67479 Published on February 3, 2026

Magic word replacement in legacy parser allows using reserved data attributes through wikitext
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Cite: from * before 1.39.14, 1.43.4, 1.44.1.

NVD

Products Associated with CVE-2025-67479

stack.watch emails you whenever new vulnerabilities are published in Wikimedia Mediawiki or MediaWiki. Just hit a watch button to start following.

Wikimedia Mediawiki

MediaWiki

Affected Versions

Wikimedia Foundation MediaWiki:

Version * and below 1.39.14, 1.43.4, 1.44.1 is affected.

Wikimedia Foundation Cite:

Version * and below 1.39.14, 1.43.4, 1.44.1 is affected.

Exploit Probability

EPSS

0.02%

Percentile

4.37%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

MediaWiki <=1.39.13, 1.43.3, 1.44.0 ParserSanitizer RCECVE-2025-67479 Published on February 3, 2026

Products Associated with CVE-2025-67479

Affected Versions

Exploit Probability

MediaWiki <=1.39.13, 1.43.3, 1.44.0 ParserSanitizer RCE
CVE-2025-67479 Published on February 3, 2026