CVE-2025-23023

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Feb 4, 2025
CWE ID 346

Summary

CVE-2025-23023 is a vulnerability affecting Discourse, an open-source community discussion platform. An attacker can manipulate request headers to contaminate the anonymous cache, potentially causing cached responses to be served with missing preloaded data. This issue affects only anonymous visitors to the site. Discourse has released a patch for this vulnerability, and users are strongly encouraged to upgrade. For those unable to upgrade, Discourse recommends setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to disable anonymous caching.
