QwikSec

Security Database

CVE

CWE

Training

CVE-2025-61598

Published: Oct 28, 2025

Modified: Oct 29, 2025

PUBLISHED

Description

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.

Vendor	Product	Versions
discourse	discourse	affected `< 3.6.2` affected `>= 3.6.0.beta1, < 3.6.0.beta2`

Weaknesses (CWE)

References

https://github.com/discourse/discourse/security/advisories/GHSA-jp9x-wwv6-cv3j

x_refsource_CONFIRM

https://github.com/discourse/discourse/commit/3ea1b663c82c067e5ca778db846bad1e082ba6cd

x_refsource_MISC

https://github.com/discourse/discourse/commit/fd567af7bf5a15c70772021acbdf5d38487a31bc

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.