{"vulnerability": "GHSA-4P63-QW6G-4MV2", "sightings": [{"uuid": "8888f024-8daf-4f64-8724-75297abcd418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-4P63-QW6G-4MV2", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8843", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24972\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats.\n\ud83d\udccf Published: 2025-03-26T14:15:13.164Z\n\ud83d\udccf Modified: 2025-03-26T14:15:13.164Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/security/advisories/GHSA-4p63-qw6g-4mv2", "creation_timestamp": "2025-03-26T14:25:07.000000Z"}]}