← voltar
CVE-2025-68479

Discourse subscriptions are susceptible to takeover

CVSS 7.1 HIGHEPSS 0.2%CWE-862
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
28 jan 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Produtos afetados
discourse · discourse

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/discourse/discourse/security/advisories/GHSA-6gjr-5897-m327