PT-2025-26841 · Discourse · Discourse
Tgxworld · Published 2025-06-25 · Updated 2025-08-25
CVE-2025-49845
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Discourse versions prior to 3.4.6
Discourse versions prior to 3.5.0.beta8-dev
Description:
Discourse is an open-source discussion platform. The visibility of posts of type whisper is controlled via the whispers allowed groups site setting: only users who belong to the groups specified in that setting are allowed to view whisper posts. However, it has been discovered that users can continue to see their own whispers even after losing visibility of posts of type whisper.
Recommendations:
For versions prior to 3.4.6, update to version 3.4.6 or later.
For versions prior to 3.5.0.beta8-dev, update to version 3.5.0.beta8-dev or later.
Exploit
Fix
LPE
Information Disclosure
Affected Products
Discourse