{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T03:17:50.712","vulnerabilities":[{"cve":{"id":"CVE-2025-22601","sourceIdentifier":"security-advisories@github.com","published":"2025-02-04T21:15:27.800","lastModified":"2025-09-25T20:27:13.843","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user into making changes to their own username via a carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Discourse es una plataforma de código abierto para debates comunitarios. En las versiones afectadas, un atacante puede engañar a un usuario objetivo para que realice cambios en su propio nombre de usuario a través de un enlace cuidadosamente manipulado utilizando la ruta `activate-account`. Este problema ha sido corregido en la última versión de Discourse. Se recomienda a los usuarios que actualicen la versión. No se conocen soluciones alternativas para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*","versionEndExcluding":"3.4.0","matchCriteriaId":"B70F4653-EB23-49AB-AF71-C39E5B6D5E5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*","matchCriteriaId":"AF6D8860-8764-4EEF-9FDD-89FF932791A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*","matchCriteriaId":"6A7FC47A-8C19-4E39-B0CF-ADA835A02A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta3:*:*:beta:*:*:*","matchCriteriaId":"8802773F-8216-4F0F-9F58-89056BFBE8B8"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-gvpp-v7mp-wxxw","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}