CVE-2025-22601 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-22601

Analyzed

More Info Official Page

Source-security-advisories@github.com

Published At-04 Feb, 2025 | 21:15

Updated At-25 Sep, 2025 | 20:27

Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 3.1

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CPE Matches

Civilized Discourse Construction Kit, Inc.

>>discourse>>Versions before 3.4.0(exclusive)

cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*

Civilized Discourse Construction Kit, Inc.

>>discourse>>3.4.0

cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*

Civilized Discourse Construction Kit, Inc.

>>discourse>>3.4.0

cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*

Civilized Discourse Construction Kit, Inc.

>>discourse>>3.4.0

cpe:2.3:a:discourse:discourse:3.4.0:beta3:*:*:beta:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	security-advisories@github.com

CWE ID: CWE-22

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/discourse/discourse/security/advisories/GHSA-gvpp-v7mp-wxxw	security-advisories@github.com	Third Party Advisory

Hyperlink: https://github.com/discourse/discourse/security/advisories/GHSA-gvpp-v7mp-wxxw

Source: security-advisories@github.com

Resource:

Third Party Advisory