
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-61636 is a cross-site scripting (XSS) vulnerability discovered in MediaWiki's Codex Special:Block interface. The vulnerability was first reported on May 15, 2025, and affects MediaWiki versions using the Codex Special:Block feature when $wgUseCodexSpecialBlock is enabled. The issue specifically involves improper escaping of the ipbsubmit message in the interface (Phabricator).
The vulnerability stems from improper escaping of message content in the HTMLButtonField component when the Codex display format is used. Specifically, the buildCodexComponent function passed raw message content into the generated HTML without escaping it. The issue can be surfaced with the x-xss language parameter, which exposes any message content that reaches the page unescaped (Phabricator).
This vulnerability could allow attackers to execute cross-site scripting (XSS) attacks through specially crafted message content in the Codex Special:Block interface. While the risk rating was classified as Low, successful exploitation could potentially lead to unauthorized script execution in users' browsers (Phabricator).
The initial fix added HTML escaping inside the buildCodexComponent function itself. That change was later reverted because escaping at the component level risked double-escaping content that callers had already escaped. The final solution, tracked in the related task T402313, handles HTML escaping at the caller level instead, so each message is escaped exactly once (Phabricator).
The vulnerability was handled through Wikimedia's security process with involvement from multiple developers and security team members. The community response led to careful consideration of the proper fix, particularly regarding HTML escaping implementation (Phabricator).
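The following is an added illustration of the bug class described above, not MediaWiki's own code: a toy button renderer that inserts a message label, a stand-in for the x-xss test language that returns probe-bearing messages, and the escape-once-at-the-caller pattern that avoids both the leak and the double-escaping that sank the first fix. All function names and the `labels` table are hypothetical.

```php
<?php
// Stand-in for MediaWiki's x-xss test language (approximation, not the real
// implementation): every message comes back with a marker that would run as
// script if any code path inserted the message into HTML unescaped.
function getMessage(string $key, string $lang): string {
    $labels = ['ipbsubmit' => 'Block this user'];   // constructed sample
    $text = $labels[$key] ?? "<$key>";
    return $lang === 'x-xss' ? "<script>alert('$key')</script>$text" : $text;
}

// Vulnerable pattern: the component drops the raw message into its markup.
function buildButtonVulnerable(string $label): string {
    return '<button class="cdx-button">' . $label . '</button>';
}

// Hardened pattern: the component takes HTML and trusts the caller to have
// escaped plain text exactly once. Escaping here as well would double-escape
// callers that legitimately pass pre-built HTML.
function buildButton(string $labelHtml): string {
    return '<button class="cdx-button">' . $labelHtml . '</button>';
}

function escapeText(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Detection check a test suite can run under uselang=x-xss: does the rendered
// output still contain the raw probe?
function leaksProbe(string $html): bool {
    return strpos($html, '<script>') !== false;
}

$raw = getMessage('ipbsubmit', 'x-xss');

// Unescaped message reaches the page: probe survives.
var_dump(leaksProbe(buildButtonVulnerable($raw)));

// Caller escapes once, component inserts as-is: probe is neutralised.
var_dump(leaksProbe(buildButton(escapeText($raw))));

// Why the component must not escape again: a caller holding legitimate
// markup would see it rendered as literal "&lt;b&gt;" text.
var_dump(escapeText(escapeText('<b>Block</b>')));
```

Running this with php shows the first check as true, the second as false, and the last line as the doubly-escaped string that a component-level escape would have produced for callers passing HTML.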
Source: This report was generated using AI