CVE-2025-48053
BaseFortify
Publication date: 2025-06-09
Last updated on: 2025-09-25
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| discourse | discourse | to 3.4.4 (exc) |
| discourse | discourse | to 3.5.0 (exc) |
| discourse | discourse | 3.5.0 |
| discourse | discourse | 3.5.0 |
| discourse | discourse | 3.5.0 |
| discourse | discourse | 3.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Discourse to a patched version: stable branch version 3.4.4 or later, beta branch version 3.5.0.beta5 or later, or tests-passed branch version 3.5.0.beta6-dev or later. No workarounds are available, so applying the update is the only effective mitigation. [1]
Can you explain this vulnerability to me?
CVE-2025-48053 is a denial-of-service (DoS) vulnerability in the Discourse platform. It occurs when a maliciously crafted large URL is sent via a private message to a bot user, causing the Discourse instance to reduce its availability or become unavailable. This vulnerability affects certain versions before they were patched and does not require any privileges or user interaction to exploit. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by causing a denial-of-service condition on your Discourse instance, reducing or completely disrupting its availability. This means legitimate users may not be able to access or use the platform while the attack is ongoing. [1]