PT-2025-44213 · Discourse · Discourse
Published
2025-10-28
·
Updated
2025-11-06
·
CVE-2025-61598
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 3.6.2
Discourse version 3.6.0.beta2
Description
Discourse, an open source discussion platform, is affected by an issue where the default Cache-Control response header with the value no-store, no-cache was missing from error responses. This could lead to unintended caching of these responses by proxies, potentially resulting in cache poisoning attacks.
Recommendations
Update to Discourse version 3.6.2 or later.
Update to Discourse version 3.6.0.beta2 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Discourse