QwikSec

Security Database

CVE

CWE

Training

CVE-2025-59337

Published: Oct 1, 2025

Modified: Oct 2, 2025

PUBLISHED

Description

Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.

Vendor	Product	Versions
discourse	discourse	affected `< 3.5.1`

Weaknesses (CWE)

References

https://github.com/discourse/discourse/security/advisories/GHSA-7xjr-4f4g-9887

x_refsource_CONFIRM

https://github.com/discourse/discourse/commit/43536b60d012cc8084e7e701d6afab9ba01e28a5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.