Unauthorized Discussion Creation in Giscus Commenting System by GitHub
CVE-2025-53532
What is CVE-2025-53532?
The Giscus commenting system, which integrates GitHub Discussions, has a flaw in its discussion creation API. The flaw lets unauthorized users create discussions in repositories where Giscus is deployed. The issue predominantly affects the server-side functionality of Giscus, whether accessed through the official hosted service at giscus.app or through self-hosted instances, so it poses a risk of misuse across all installations. A fix has been implemented in specific commits that address this security gap.

Affected Version(s)
giscus < c43af7806e65adfcf4d0feeebef76dc36c95cb9a
