CVE-2025-48053— Discourse vulnerable to DoS via large URL payload in PM to a bot
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-48053
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse vulnerable to DoS via large URL payload in PM to a bot
Source: NVD (National Vulnerability Database)
Vulnerability Description
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Discourse 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.4.4之前版本、3.5.0.beta5之前版本和3.5.0.beta6-dev之前版本存在安全漏洞,该漏洞源于恶意URL可能导致可用性降低。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-48053
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-48053
请登录查看更多情报信息。
Same Patch Batch · discourse · 2025-06-09 · 3 CVEs total
| CVE-2025-48062 | 7.1 HIGH | Discourse vulnerable to HTML injection when inviting to topic via email |
| CVE-2025-48877 | Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe |
IV. Related Vulnerabilities
Same product: discourse
- CVE-2026-34154
Discourse has a subscription access bypass in its discourse- - CVE-2026-33514
Discourse: Information Disclosure in Form Template API Due t - CVE-2026-32244
Discourse: Cached outdated summaries can leak removed conten - CVE-2026-34947
Discourse: Staged user custom fields are exposed on public i - CVE-2026-27481
Discourse: Hidden tag visibility bypass on tag routes
Same vendor: discourse
- CVE-2026-34154
Discourse has a subscription access bypass in its discourse- - CVE-2026-33514
Discourse: Information Disclosure in Form Template API Due t - CVE-2026-32244
Discourse: Cached outdated summaries can leak removed conten - CVE-2026-34947
Discourse: Staged user custom fields are exposed on public i - CVE-2026-27481
Discourse: Hidden tag visibility bypass on tag routes
Same weakness: CWE-400
- CVE-2026-45047
bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via - CVE-2026-7528
Unauthenticated File Upload Vulnerability Allows Disk Space - CVE-2026-6051
IBM® Db2® is vulnerable to a denial of service when executin - CVE-2026-7493
Appointment Booking Calendar — Simply Schedule Appointments - CVE-2026-48593
Unbounded range expansion in cron describe causes memory exh
V. Comments for CVE-2025-48053
No comments yet