CVE-2025-23023 · HIGH 8.2 · EPSS p14.5%

Description

Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
EPSS: 0.24% probability of exploitation · percentile 14.5% · 2026-06-19T12:03:05Z
Published: 2025-02-04
Last modified: 2025-08-26

Underlying weaknesses · 1

CWE-346

References

  1. https://github.com/discourse/discourse/security/advisories/GHSA-5h4h-2f46-r3c7

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Origin Validation Error (cwe-346) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-32244
  2. CVE-2026-33514
  3. CVE-2026-31805
  4. CVE-2026-34154
  5. CVE-2025-48877
  6. CVE-2025-53102

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.