PT-2025-40301 · Discourse · Discourse

Tgxworld · Published 2025-10-01 · Updated 2025-10-16 · CVE-2025-59337

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Discourse versions 3.5.0 and below

Description: Discourse is a community discussion platform. A flaw exists where malicious meta-commands could be placed within a backup dump and then executed during the restore process. In environments with multiple sites, this could allow an administrator of one site to gain access to data or credentials from other sites.

Recommendations: Update to version 3.5.1 or later.

Exploit

Fix

Command Injection

Weakness Enumeration

Related identifiers

BIT-DISCOURSE-2025-59337
CVE-2025-59337
GHSA-7XJR-4F4G-9887

Affected products

Discourse