QwikSec

Security Database

CVE

CWE

Training

CVE-2025-32376

Published: Apr 30, 2025

Modified: Apr 30, 2025

PUBLISHED

Description

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.

Vendor	Product	Versions
discourse	discourse	affected `< 3.4.3` affected `>= 3.5.0.beta1, < 3.5.0.beta3`

Weaknesses (CWE)

References

https://github.com/discourse/discourse/security/advisories/GHSA-mqqq-h2x3-46fr

x_refsource_CONFIRM

https://github.com/discourse/discourse/commit/21a7f3162221c393f9bb13721451aa7f237d881a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.