CVE-2025-64528 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user a…
Medium CVSS: 6.3

CVE-2025-64528

Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when `enable_names` is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix.
Vendor
Discourse
Product
Discourse
CWE
CWE-202
Yayın Tarihi
2025-12-30 16:15:45
Güncelleme
2026-02-20 17:04:38
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-202 Discourse MEDIUM Discourse 2025

Referanslar

https://github.com/discourse/discourse/commit/1cb45b8b287597085e3514596ffb1d9b41938f81 https://github.com/discourse/discourse/commit/6192f55629624925595dae14364fd86cac0f09df https://github.com/discourse/discourse/commit/e936a523b5900a9d866d23ea3da904ba12bb0fb2 https://github.com/discourse/discourse/security/advisories/GHSA-c59w-jwx7-34v4