CVE-2025-61598
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-12-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| discourse | discourse | to 3.5.2 (exc) |
| discourse | discourse | to 3.6.0 (exc) |
| discourse | discourse | 3.6.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-524 | The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Discourse versions before 3.6.2 and 3.6.0.beta2 involves missing Cache-Control response headers (no-store, no-cache) on error responses. Without these headers, error responses could be cached by proxies unintentionally, which may lead to cache poisoning attacks where malicious or outdated error responses are served to users.
How can this vulnerability impact me? :
The vulnerability can lead to cache poisoning attacks, meaning that users might receive incorrect or malicious error responses cached by proxies. This can cause confusion, misinformation, or potential security risks if sensitive error information is cached and served improperly.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Discourse to version 3.6.2 or 3.6.0.beta2 where the vulnerability is fixed. Ensure that error responses include the Cache-Control header with the value 'no-store, no-cache' to prevent unintended caching by proxies.