{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T20:33:09.166","vulnerabilities":[{"cve":{"id":"CVE-2025-68479","sourceIdentifier":"security-advisories@github.com","published":"2026-01-28T19:16:23.380","lastModified":"2026-01-30T20:43:17.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available."},{"lang":"es","value":"Discourse es una plataforma de discusión de código abierto. En versiones anteriores a la 3.5.4, 2025.11.2, 2025.12.1 y 2026.1.0, algunos endpoints de suscripción carecen de una verificación adecuada de la propiedad antes de realizar cambios. Este problema está parcheado en las versiones 3.5.4, 2025.11.2, 2025.12.1 y 2026.1.0. No se conocen soluciones alternativas disponibles."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionEndExcluding":"3.5.4","matchCriteriaId":"FDBF21E2-1191-4020-A17A-0702DE4E6451"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionStartIncluding":"2025.11.0","versionEndExcluding":"2025.11.2","matchCriteriaId":"539B5B85-44F0-408E-B994-08BB20EA9C26"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2025.12.0:*:*:*:stable:*:*:*","matchCriteriaId":"CCBF47A8-0D3F-4174-8084-CD3517BF272A"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2026.1.0:*:*:*:stable:*:*:*","matchCriteriaId":"F6CF5F98-F08F-4B28-BBE2-8296760A547E"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-6gjr-5897-m327","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}