CVE-2025-59337
Last modified
CVE-2025-59337 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Discourse | Discourse | < 3.5.1 | — |
| Discourse | Discourse | < 3.6.0 | — |
| Discourse | Discourse | 3.6.0 | Beta1 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-59337?
How severe is CVE-2025-59337?
How do I fix CVE-2025-59337?
Are you affected by CVE-2025-59337?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST