Vulnerability Details CVE-2025-48954
Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.132
EPSS Ranking 93.9%
CVSS Severity
CVSS v3 Score 8.1
Products affected by CVE-2025-48954
-
cpe:2.3:a:discourse:discourse:1.1.0
-
cpe:2.3:a:discourse:discourse:1.2.0
-
cpe:2.3:a:discourse:discourse:1.3.0
-
cpe:2.3:a:discourse:discourse:1.4.0
-
cpe:2.3:a:discourse:discourse:1.5.0
-
cpe:2.3:a:discourse:discourse:1.6.0
-
cpe:2.3:a:discourse:discourse:1.7.0
-
cpe:2.3:a:discourse:discourse:1.8.0
-
cpe:2.3:a:discourse:discourse:1.9.0
-
cpe:2.3:a:discourse:discourse:2.0.0
-
cpe:2.3:a:discourse:discourse:2.1.0
-
cpe:2.3:a:discourse:discourse:2.2.0
-
cpe:2.3:a:discourse:discourse:2.3.0
-
cpe:2.3:a:discourse:discourse:2.4.0
-
cpe:2.3:a:discourse:discourse:2.5.0
-
cpe:2.3:a:discourse:discourse:2.6.0
-
cpe:2.3:a:discourse:discourse:2.7.0
-
cpe:2.3:a:discourse:discourse:2.8.0
-
cpe:2.3:a:discourse:discourse:2.9.0
-
cpe:2.3:a:discourse:discourse:3.0.0
-
cpe:2.3:a:discourse:discourse:3.1.0
-
cpe:2.3:a:discourse:discourse:3.2.0
-
cpe:2.3:a:discourse:discourse:3.3.0
-
cpe:2.3:a:discourse:discourse:3.4.0
-
cpe:2.3:a:discourse:discourse:3.5.0