WebAuthn Challenge Reuse Vulnerability in Discourse Community Platform
CVE-2025-53102
8.2 HIGH
What is CVE-2025-53102?
Discourse, the open-source community discussion platform, has a vulnerability where the WebAuthn challenge issued during 2FA authentication is not cleared from the user's session after its use. This oversight can lead to the potential reuse of the challenge, presenting a security risk to user accounts. Users are advised to upgrade to version 3.4.7 or 3.5.0.beta.8 to mitigate this risk and enhance their security posture.
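The following is an added example, not Discourse's code or its patch: it contrasts a verifier that leaves the challenge in the session with one that consumes it on first use. The session is a plain Hash, the key and method names are hypothetical, and the assertion is simplified to an ECDSA signature over JSON client data rather than the full WebAuthn structure.

```ruby
require "json"
require "openssl"
require "securerandom"

CHALLENGE_KEY = "webauthn_challenge" # hypothetical session key name

# Server side: issue a fresh random challenge and remember it in the session.
def issue_challenge(session)
  session[CHALLENGE_KEY] = SecureRandom.hex(32)
end

# Constructed stand-in for an authenticator: signs client data that embeds
# the challenge (real WebAuthn also signs authenticator data).
def sign_assertion(private_key, challenge)
  client_data = JSON.generate("type" => "webauthn.get", "challenge" => challenge)
  { client_data: client_data, signature: private_key.sign(OpenSSL::Digest.new("SHA256"), client_data) }
end

# Shared check: the challenge must match the stored one and the signature must verify.
def assertion_valid?(public_key, expected, assertion)
  return false if expected.nil?
  sent = JSON.parse(assertion[:client_data])["challenge"]
  sent == expected &&
    public_key.verify(OpenSSL::Digest.new("SHA256"), assertion[:signature], assertion[:client_data])
end

# Weak pattern: the challenge is read but stays in the session afterwards.
def verify_keeping_challenge(session, public_key, assertion)
  assertion_valid?(public_key, session[CHALLENGE_KEY], assertion)
end

# Hardened pattern: delete first, so the challenge is spent on success or failure.
def verify_consuming_challenge(session, public_key, assertion)
  assertion_valid?(public_key, session.delete(CHALLENGE_KEY), assertion)
end

# Submit the same assertion twice against each verifier.
def replay_results
  key = OpenSSL::PKey::EC.generate("prime256v1")
  weak, hard = {}, {}
  a_weak = sign_assertion(key, issue_challenge(weak))
  a_hard = sign_assertion(key, issue_challenge(hard))
  {
    weak: [verify_keeping_challenge(weak, key, a_weak), verify_keeping_challenge(weak, key, a_weak)],
    hardened: [verify_consuming_challenge(hard, key, a_hard), verify_consuming_challenge(hard, key, a_hard)]
  }
end
```

With the weak verifier the second submission of the same assertion is accepted; with the consuming verifier it is rejected because no challenge remains in the session.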

Affected Version(s)
discourse: >= 3.5.0.beta1, < 3.5.0.beta.8
discourse: < 3.4.7