CNNVD-202510-026 Information

CNNVD ID

CNNVD-202510-026

Related CVE

CVE-2025-58055

• CNNVD Published: 2025-10-01

Description (Chinese)

Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.0及之前版本存在安全漏洞，该漏洞源于AI建议端点未正确验证topic_id参数，可能导致信息泄露。

Description (English)

Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is a security loophole in Discourse 3.5.0 and earlier versions, which stems from the incorrect validation of topic id parameters by the AI recommended endpoint, which may lead to the disclosure of information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Discourse

Published

2025-10-01

Last Modified

2026-02-24

References

https://github.com/discourse/discourse/commit/28d569cae9b33cd55d647bf41806106e33d975c9 https://github.com/discourse/discourse/security/advisories/GHSA-32v2-x274-vfhr

Patch

https://github.com/discourse/discourse/tags