Vulnerability Database

320,343

Total vulnerabilities in the database

CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.

Published: Jan 30, 2026
Updated: Jan 31, 2026
CVE: CVE-2025-11175
Exploit:

No technical information available.

CWEs:

CWE-917

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

https://gerrit.wikimedia.org/r/q/I126203ab1d3ec8c1719cbb5460a887e4d0c2cc6d
https://gerrit.wikimedia.org/r/q/I563219f3298a8740e158d130492bf3d2897784d7
https://phabricator.wikimedia.org/T364910
https://phabricator.wikimedia.org/T396248

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo