Home > Vulnerability Database > CVE-2025-61598

Mend.io Vulnerability Database

CVE-2025-61598

Good to know:

Date: October 28, 2025

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.

Severity Score

5.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-61598

Url: https://github.com/discourse/discourse/security/advisories/GHSA-jp9x-wwv6-cv3j

Url: https://github.com/discourse/discourse/commit/fd567af7bf5a15c70772021acbdf5d38487a31bc

Url: https://github.com/discourse/discourse/commit/3ea1b663c82c067e5ca778db846bad1e082ba6cd

Url: https://www.mend.io/vulnerability-database/CVE-2025-61598

Severity Score

5.3

Weakness Type (CWE)

Use of Cache Containing Sensitive Information

CWE-524

Top Fix

Upgrade Version

Upgrade to version https://github.com/discourse/discourse.git - v3.6.1;https://github.com/discourse/discourse.git - v3.5.2

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-61598

Good to know:

Date: October 28, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?