CVE-2025-48053

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-48053
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48053.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-48053
Aliases
Published
2025-06-09T12:30:33.626Z
Modified
2025-12-05T10:18:13.209003Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Discourse vulnerable to DoS via large URL payload in PM to a bot
Details

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch. No known workarounds are available.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48053.json",
    "cwe_ids": [
        "CWE-400",
        "CWE-770"
    ]
}
References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type
GIT
Repo
https://github.com/discourse/discourse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
189e1361e1f33432cb8feae46223ed2285f8e564

Affected versions

v0.*

v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.2.5
v0.9.2.6
v0.9.3
v0.9.3.5
v0.9.4
v0.9.5
v0.9.5.1
v0.9.5.2
v0.9.6
v0.9.6.1
v0.9.6.2
v0.9.6.3
v0.9.6.4
v0.9.7
v0.9.7.1
v0.9.7.2
v0.9.7.3
v0.9.7.4
v0.9.7.5
v0.9.7.6
v0.9.7.7
v0.9.7.8
v0.9.7.9
v0.9.8
v0.9.8.1
v0.9.8.10
v0.9.8.11
v0.9.8.2
v0.9.8.3
v0.9.8.4
v0.9.8.5
v0.9.8.6
v0.9.8.7
v0.9.8.8
v0.9.8.9
v0.9.9.1
v0.9.9.10
v0.9.9.11
v0.9.9.12
v0.9.9.13
v0.9.9.14
v0.9.9.15
v0.9.9.16
v0.9.9.17
v0.9.9.18
v0.9.9.2
v0.9.9.3
v0.9.9.4
v0.9.9.5
v0.9.9.6
v0.9.9.7
v0.9.9.8
v0.9.9.9

v1.*

v1.0.0
v1.1.0.beta2
v1.1.0.beta3
v1.1.0.beta4
v1.1.0.beta5
v1.1.0.beta6
v1.1.0.beta6b
v1.1.0.beta7
v1.1.0.beta8
v1.2.0.beta1
v1.2.0.beta2
v1.2.0.beta3
v1.2.0.beta4
v1.2.0.beta5
v1.2.0.beta6
v1.2.0.beta7
v1.2.0.beta8
v1.2.0.beta9
v1.3.0.beta1
v1.3.0.beta10
v1.3.0.beta11
v1.3.0.beta2
v1.3.0.beta3
v1.3.0.beta4
v1.3.0.beta5
v1.3.0.beta6
v1.3.0.beta7
v1.3.0.beta9
v1.4.0.beta1
v1.4.0.beta10
v1.4.0.beta11
v1.4.0.beta12
v1.4.0.beta2
v1.4.0.beta3
v1.4.0.beta4
v1.4.0.beta5
v1.4.0.beta6
v1.4.0.beta7
v1.4.0.beta8
v1.4.0.beta9
v1.5.0.beta1
v1.5.0.beta10
v1.5.0.beta11
v1.5.0.beta12
v1.5.0.beta13
v1.5.0.beta13b
v1.5.0.beta14
v1.5.0.beta2
v1.5.0.beta3
v1.5.0.beta4
v1.5.0.beta5
v1.5.0.beta6
v1.5.0.beta7
v1.5.0.beta8
v1.5.0.beta9
v1.6.0.beta1
v1.6.0.beta10
v1.6.0.beta11
v1.6.0.beta12
v1.6.0.beta2
v1.6.0.beta3
v1.6.0.beta4
v1.6.0.beta5
v1.6.0.beta6
v1.6.0.beta7
v1.6.0.beta8
v1.6.0.beta9
v1.7.0.beta1
v1.7.0.beta10
v1.7.0.beta11
v1.7.0.beta2
v1.7.0.beta3
v1.7.0.beta4
v1.7.0.beta5
v1.7.0.beta6
v1.7.0.beta7
v1.7.0.beta8
v1.7.0.beta9
v1.8.0.beta1
v1.8.0.beta10
v1.8.0.beta11
v1.8.0.beta12
v1.8.0.beta13
v1.8.0.beta2
v1.8.0.beta3
v1.8.0.beta4
v1.8.0.beta5
v1.8.0.beta6
v1.8.0.beta7
v1.8.0.beta8
v1.8.0.beta9
v1.9.0.beta1
v1.9.0.beta10
v1.9.0.beta11
v1.9.0.beta12
v1.9.0.beta13
v1.9.0.beta14
v1.9.0.beta15
v1.9.0.beta16
v1.9.0.beta17
v1.9.0.beta2
v1.9.0.beta3
v1.9.0.beta4
v1.9.0.beta5
v1.9.0.beta6
v1.9.0.beta7
v1.9.0.beta8
v1.9.0.beta9

v2.*

v2.0.0.beta1
v2.0.0.beta10
v2.0.0.beta2
v2.0.0.beta3
v2.0.0.beta4
v2.0.0.beta5
v2.0.0.beta6
v2.0.0.beta7
v2.0.0.beta8
v2.0.0.beta9
v2.1.0.beta1
v2.1.0.beta2
v2.1.0.beta3
v2.1.0.beta4
v2.1.0.beta5
v2.1.0.beta6
v2.2.0.beta1
v2.2.0.beta10
v2.2.0.beta2
v2.2.0.beta3
v2.2.0.beta4
v2.2.0.beta5
v2.2.0.beta6
v2.2.0.beta7
v2.2.0.beta8
v2.2.0.beta9
v2.3.0.beta1
v2.3.0.beta10
v2.3.0.beta11
v2.3.0.beta2
v2.3.0.beta3
v2.3.0.beta4
v2.3.0.beta5
v2.3.0.beta6
v2.3.0.beta7
v2.3.0.beta8
v2.3.0.beta9
v2.4.0.beta1
v2.4.0.beta10
v2.4.0.beta11
v2.4.0.beta2
v2.4.0.beta3
v2.4.0.beta4
v2.4.0.beta5
v2.4.0.beta6
v2.4.0.beta7
v2.4.0.beta8
v2.4.0.beta9
v2.5.0.beta1
v2.5.0.beta2
v2.5.0.beta3
v2.5.0.beta4
v2.5.0.beta5
v2.5.0.beta6
v2.5.0.beta7
v2.6.0.beta1
v2.6.0.beta2
v2.6.0.beta3
v2.6.0.beta4
v2.6.0.beta5
v2.6.0.beta6
v2.7.0.beta1
v2.7.0.beta2
v2.7.0.beta3
v2.7.0.beta4
v2.7.0.beta5
v2.7.0.beta6
v2.7.0.beta7
v2.7.0.beta8
v2.7.0.beta9
v2.8.0.beta1
v2.8.0.beta10
v2.8.0.beta11
v2.8.0.beta2
v2.8.0.beta3
v2.8.0.beta4
v2.8.0.beta5
v2.8.0.beta6
v2.8.0.beta7
v2.8.0.beta8
v2.8.0.beta9
v2.9.0.beta1
v2.9.0.beta10
v2.9.0.beta11
v2.9.0.beta12
v2.9.0.beta13
v2.9.0.beta14
v2.9.0.beta2
v2.9.0.beta3
v2.9.0.beta4
v2.9.0.beta5
v2.9.0.beta6
v2.9.0.beta7
v2.9.0.beta8
v2.9.0.beta9

v3.*

v3.0.0.beta15
v3.0.0.beta16
v3.1.0.beta1
v3.1.0.beta2
v3.1.0.beta3
v3.1.0.beta4
v3.1.0.beta5
v3.1.0.beta6
v3.1.0.beta7
v3.1.0.beta8
v3.2.0.beta1
v3.2.0.beta2
v3.2.0.beta3
v3.2.0.beta4
v3.2.0.beta5
v3.3.0.beta1
v3.3.0.beta2
v3.3.0.beta3
v3.3.0.beta4
v3.3.0.beta5
v3.3.0.beta6
v3.4.0.beta1
v3.4.0.beta2
v3.4.0.beta3
v3.4.0.beta4
v3.5.0.beta1
v3.5.0.beta2
v3.5.0.beta3
v3.5.0.beta4
v3.5.0.beta5