
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination…

Published:

27 January 2026 at 23:00:00

Alert date:

28 January 2026 at 22:01:50

Source:

nvd.nist.gov


Web Technologies

CVE-2025-68662 affects the Discourse open source discussion platform in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. A hostname validation issue in the FinalDestination component allows attackers to bypass Server-Side Request Forgery (SSRF) protections under certain conditions. The vulnerability has been patched in the specified versions. No workarounds are available for this security issue. Organizations using affected versions should upgrade immediately to mitigate the SSRF bypass risk.

Technical details

Mitigation steps:

Affected products:

Discourse

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
