Discourse AI Suggestion Endpoint Vulnerability in Open-Source Community Platform
CVE-2025-58055

4.3MEDIUM

Key Information:

Vendor: Discourse
Status: Discourse
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-58055?

In the Discourse community discussion platform, versions 3.5.0 and earlier contain a vulnerability in their AI suggestion endpoints. This issue allows authenticated users to manipulate API requests, specifically by altering the 'topic_id' parameter. As a result, users can access sensitive information about topics beyond their authorization level. The AI model responses may inadvertently reveal details about restricted topics, posing a significant risk to data privacy. Discourse has released a patch in version 3.5.1 and recommends users adjust group access settings to mitigate this vulnerability.

Affected Version(s)

discourse < 3.5.1

References

https://github.com/discourse/discourse/security/advisorie...

x_refsource_CONFIRM

https://github.com/discourse/discourse/commit/28d569cae9b...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Aug 22, 2025

JSON