Home > Vulnerability Database > CVE-2025-59337

Mend.io Vulnerability Database

CVE-2025-59337

Good to know:

Date: October 1, 2025

Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.

Severity Score

3.0

Related Resources (4)

Url: https://github.com/discourse/discourse/commit/43536b60d012cc8084e7e701d6afab9ba01e28a5

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59337

Url: https://github.com/discourse/discourse/security/advisories/GHSA-7xjr-4f4g-9887

Url: https://www.mend.io/vulnerability-database/CVE-2025-59337

Severity Score

3.0

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Top Fix

Upgrade Version

Upgrade to version https://github.com/discourse/discourse.git - v3.5.1

Learn More

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59337

Good to know:

Date: October 1, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?