CVE-2025-48053

· Published 09/06/2025 13:15 · Modified 09/06/2025 13:15

Labels: CVE-2025-48053, 2025-06-09, CWE-400

Essential information

Published: 09/06/2025 13:15
Modified: 09/06/2025 13:15
Author:
Creator:
CVSS: 8.7 HIGH (v3), 8.7 HIGH (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can reduce the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

| Product | CPE |
| --- | --- |
| discourse / discourse | cpe:2.3:a:discourse:discourse:3.4.4:*:*:*:*:*:*:* |
| discourse / discourse | cpe:2.3:a:discourse:discourse:3.5.0.beta5:*:*:*:*:*:*:* |
| discourse / discourse | cpe:2.3:a:discourse:discourse:3.5.0.beta6-dev:*:*:*:*:*:*:* |
