PT-2026-5182 · Discourse · Discourse
Published
2026-01-28
·
Updated
2026-02-02
·
CVE-2025-68479
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 3.5.4
Discourse versions prior to 2025.11.2
Discourse versions prior to 2025.12.1
Discourse versions prior to 2026.1.0
Description
Discourse is an open source discussion platform. Certain subscription endpoints do not adequately verify ownership before allowing modifications. This could allow unauthorized changes to subscriptions. No information is available regarding the number of potentially affected devices or any real-world incidents where this issue was exploited.
Recommendations
Update Discourse to version 3.5.4 or later.
Update Discourse to version 2025.11.2 or later.
Update Discourse to version 2025.12.1 or later.
Update Discourse to version 2026.1.0 or later.
Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Discourse