CVE-2025-22601

Low CVSS: 3.1

Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor

Discourse

Product

Discourse

CWE

CWE-22

Yayın Tarihi

2025-02-04 21:15:27

Güncelleme

2025-09-25 20:27:13

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Discourse LOW Discourse 2025

Referanslar

https://github.com/discourse/discourse/security/advisories/GHSA-gvpp-v7mp-wxxw

Benzer Kayıtlar

Medium

CVE-2026-32113

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be…

Medium

CVE-2026-33425

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenti…

Low

CVE-2026-33426

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, users with…

Low

CVE-2026-33427

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an unauthe…

Medium

CVE-2026-33428

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staf…

Medium

CVE-2026-33424

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacke…