VYPR
Unrated severityNVD Advisory· Published Feb 4, 2025· Updated Feb 11, 2025

Client Side Path Traversal using activate account route in Discourse

CVE-2025-22601

Description

Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the activate-account route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.