PT-2025-19796 · Discourse · Discourse
Pmusaraj · Published 2025-05-05 · Updated 2025-09-26 · CVE-2025-46813
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Discourse 3.5.0.beta4, before commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b
Description
A data leak in Discourse, an open-source community platform, allows some private content on an instance's homepage to be visible to unauthenticated users on login-required sites. The issue affects sites deployed between April 30, 2025, noon EDT, and May 2, 2025, noon EDT. Sites on the stable branch are unaffected.
Recommendations
Sites running Discourse 3.5.0.beta4 before commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b must upgrade to a non-vulnerable version of Discourse. No workarounds are available; upgrading is the only way to prevent the data leak.
Exploit
Fix
Information Disclosure
Affected Products
Discourse