PT-2025-40301 · Discourse · Discourse

Tgxworld · Published 2025-10-01 · Updated 2025-10-16 · CVE-2025-59337

CVSS v3.1: 6.8 Medium
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Discourse versions 3.5.0 and below

Description: Discourse is a community discussion platform. A flaw exists where malicious meta-commands could be placed within a backup dump and then executed during the restore process. In environments with multiple sites, this could allow an administrator of one site to gain access to data or credentials from other sites.

Recommendations: Update to version 3.5.1 or later.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2025-59337
CVE-2025-59337
GHSA-7XJR-4F4G-9887

Affected Products

Discourse