← Back

CVE-2025-23023

nvd nist
Published: Feb 4, 2025Modified: Aug 26, 2025

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Exploitability: 3.9 / Impact: 4.2
Source: security-advisories@github.com (Secondary)

Description

Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

Affected (1)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Before 3.3.2

Related CWEs

CWE-346
Origin Validation Error
The product does not properly verify that the source of data or communication is valid.

References (1)

Source: security-advisories@github.com
Third Party Advisory

Timeline

No history available yet.