Denial of Service Vulnerability in Discourse Platform
CVE-2025-68934
What is CVE-2025-68934?
CVE-2025-68934 is a denial-of-service vulnerability in the Discourse platform. Authenticated users can submit specially crafted payloads to the /drafts.json endpoint that trigger O(n^2) processing during Base62 decoding. The resulting slowdown exhausts workers and disrupts service for all users. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 are affected. Lowering max_draft_length can minimize exposure but does not eliminate the attack, because payloads below that threshold can still reach the slow processing path.
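
The quadratic growth named above can be reproduced with a textbook Base62 decoder. This is an added example, not Discourse's code: it assumes a decoder that accumulates into one growing integer, and the function names and the MAX_TOKEN_CHARS cap are hypothetical.

```ruby
# Added illustration: a textbook Base62 decoder (NOT Discourse's code).
ALPHABET = [*("0".."9"), *("A".."Z"), *("a".."z")].freeze
INDEX = ALPHABET.each_with_index.to_h.freeze

# Decodes str and returns [value, cost]. cost is a deterministic stand-in
# for CPU work: the accumulator's bit length summed over every step.
# Each `acc * 62 + digit` touches the whole accumulator, which grows by
# about 5.95 bits per character, so total work grows with length squared.
def base62_decode_with_cost(str)
  acc = 0
  cost = 0
  str.each_char do |ch|
    digit = INDEX.fetch(ch) { raise ArgumentError, "not Base62: #{ch.inspect}" }
    acc = acc * 62 + digit
    cost += acc.bit_length
  end
  [acc, cost]
end

# Hypothetical guard: refuse to decode tokens longer than the application
# legitimately needs, so the quadratic path is never reached.
MAX_TOKEN_CHARS = 32 # assumed cap, pick it from your real token format

def bounded_base62_decode(str, max_chars: MAX_TOKEN_CHARS)
  if str.length > max_chars
    raise ArgumentError, "Base62 token too long (#{str.length} > #{max_chars})"
  end
  base62_decode_with_cost(str).first
end

# Ratio of modelled work when the input length doubles (about 4 for O(n^2)).
def cost_ratio(n)
  small = base62_decode_with_cost("z" * n).last
  large = base62_decode_with_cost("z" * (2 * n)).last
  large.to_f / small
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: runs of "z" at doubling lengths.
  [1_000, 2_000, 4_000].each do |n|
    puts "#{n} chars -> modelled cost #{base62_decode_with_cost('z' * n).last}"
  end
  puts "cost ratio when length doubles: #{cost_ratio(1_000).round(3)}"
end
```

The guard caps the length of the individual token being decoded, which is a different control from the overall draft length limit the advisory mentions.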

Affected Version(s)
discourse < 3.5.4
discourse >= 2025.11.0-latest, < 2025.11.2
discourse >= 2025.12.0-latest, < 2025.12.1