CVE-2025-46813

Published: May 5, 2025

Modified: May 6, 2025

PUBLISHED

CVSS v3.1

5.8

MEDIUM

Description

Discourse is an open-source community platform. A data leak vulnerability affects sites deployed between commits 10df7fdee060d44accdee7679d66d778d1136510 and 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. On login-required sites, the leak meant that some content on the site's homepage could be visible to unauthenticated users. Only login-required sites that got deployed during this timeframe are affected, roughly between April 30 2025 noon EDT and May 2 2025, noon EDT. Sites on the stable branch are unaffected. Private content on an instance's homepage could be visible to unauthenticated users on login-required sites. Versions of 3.5.0.beta4 after commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b are not vulnerable to the issue. No workarounds are available. Sites must upgrade to a non-vulnerable version of Discourse.

Vendor	Product	Versions
discourse	discourse	affected `>= 10df7fdee060d44accdee7679d66d778d1136510, <= 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b`

Weaknesses (CWE)

CWE-200

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/discourse/discourse/security/advisories/GHSA-v3h7-c287-pfg9

x_refsource_CONFIRM

https://github.com/discourse/discourse/commit/10df7fdee060d44accdee7679d66d778d1136510

x_refsource_MISC

https://github.com/discourse/discourse/commit/82d84af6b0efbd9fa2aeec3e91ce7be1a768511b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-46813

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References