CVE-2025-48053 Information

Description

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch version 3.5.0.beta5 of the beta branch and version 3.5.0.beta6-dev of the tests-passed branch sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the stable branch version 3.5.0.beta5 of the beta branch and version 3.5.0.beta6-dev of the tests-passed branch. No known workarounds are available.

Reference

https://github.com/discourse/discourse/security/advisories/GHSA-3q5q-qmrm-rvwx