Unrated severityNVD Advisory· Published Jun 9, 2025· Updated Jun 9, 2025
Discourse vulnerable to DoS via large URL payload in PM to a bot
CVE-2025-48053
Description
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<3.4.4+ 1 more
- (no CPE)range: <3.4.4
- (no CPE)range: < 3.4.4
Patches
Vulnerability mechanics
References
1- github.com/discourse/discourse/security/advisories/GHSA-3q5q-qmrm-rvwxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.