Denial-of-Service Vulnerability in Discourse Discussion Platform
CVE-2025-48053
8.7 HIGH
What is CVE-2025-48053?
This vulnerability affects the Discourse discussion platform: a maliciously crafted URL sent in a private message to a bot user can degrade the availability of the Discourse instance. Affected versions are those prior to 3.4.4 on the stable branch, 3.5.0.beta5 on the beta branch, and 3.5.0.beta6-dev on the tests-passed branch. Users are urged to upgrade to the patched versions to mitigate potential disruptions, as no known workarounds exist.
Affected Version(s)
discourse < 3.4.4
discourse < 3.5.0.beta5
discourse < 3.5.0.beta6-dev