{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T15:40:48.544","vulnerabilities":[{"cve":{"id":"CVE-2025-24972","sourceIdentifier":"security-advisories@github.com","published":"2025-03-26T15:16:07.920","lastModified":"2025-08-25T17:06:08.770","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats."},{"lang":"es","value":"Discourse es una plataforma de discusión de código abierto. Antes de las versiones 3.3.4 de la rama estable y 3.4.0.beta5 de la rama beta, en circunstancias específicas, se podía añadir usuarios a mensajes directos de grupo a pesar de tener la opción deshabilitada en sus preferencias. Las versiones 3.3.4 y 3.4.0.beta5 incluyen un parche para este problema. Existe un workaround. Si un usuario deshabilita el chat en sus preferencias, no podrá añadirse a nuevos chats de grupo."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionEndExcluding":"3.3.4","matchCriteriaId":"07E7B04F-B033-48BB-AA28-8C38BE2D7334"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*","versionEndExcluding":"3.4.0","matchCriteriaId":"B70F4653-EB23-49AB-AF71-C39E5B6D5E5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*","matchCriteriaId":"AF6D8860-8764-4EEF-9FDD-89FF932791A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*","matchCriteriaId":"6A7FC47A-8C19-4E39-B0CF-ADA835A02A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta3:*:*:beta:*:*:*","matchCriteriaId":"8802773F-8216-4F0F-9F58-89056BFBE8B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta4:*:*:beta:*:*:*","matchCriteriaId":"C6414144-DB59-412A-96A2-4405A25356A8"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-4p63-qw6g-4mv2","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}