CVE-2025-32699: 
Linux Debian vulnerability analysis and mitigation

A vulnerability has been identified in Wikimedia Foundation's MediaWiki and Parsoid components (CVE-2025-32699). The issue affects MediaWiki versions before 1.39.12, 1.42.6, 1.43.1, and Parsoid versions before 0.16.5, 0.19.2, 0.20.2. The vulnerability was disclosed on April 10, 2025 (NVD).

The vulnerability has been classified under CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-site Scripting) and CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component - Injection). According to the CVSS 4.0 scoring system, it has received a LOW severity rating of 2.1, with the vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/RE:M/U:Amber (NVD).

The vulnerability has been assessed with a LOW severity rating, indicating minimal impact. The CVSS vector string shows that while the vulnerability can be accessed over the network (AV:N), it has low impact on integrity (VI:L) and no direct impact on confidentiality (VC:N) or availability (VA:N) (NVD).

Fixed versions have been released for various distributions. Debian has addressed the vulnerability in bookworm with version 1:1.39.12-1~deb12u1, and in trixie/sid with version 1:1.43.1+dfsg-1/2. Users are advised to upgrade to these patched versions (Debian Tracker).