CVE-2025-68934 (GCVE-0-2025-68934)

Vulnerability from cvelistv5 – Published: 2026-01-28 19:19 – Updated: 2026-01-28 19:46
VLAI
Title
Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint
Summary
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not fully mitigate the issue, as payloads under the limit can still trigger the slow code path.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
Vendor Product Version
discourse discourse Affected: < 3.5.4
Affected: >= 2025.11.0-latest, < 2025.11.2
Affected: >= 2025.12.0-latest, 2025.12.1
Affected: >= 2026.1.0-latest, < 2026.1.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-28T19:46:05.140072Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-28T19:46:16.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "discourse",
          "vendor": "discourse",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.5.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2025.11.0-latest, \u003c 2025.11.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2025.12.0-latest, 2025.12.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2026.1.0-latest, \u003c 2026.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not fully mitigate the issue, as payloads under the limit can still trigger the slow code path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T19:19:59.627Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/discourse/discourse/security/advisories/GHSA-vwjh-vrx9-9849",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/discourse/discourse/security/advisories/GHSA-vwjh-vrx9-9849"
        }
      ],
      "source": {
        "advisory": "GHSA-vwjh-vrx9-9849",
        "discovery": "UNKNOWN"
      },
      "title": "Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68934",
    "datePublished": "2026-01-28T19:19:59.627Z",
    "dateReserved": "2025-12-24T23:59:23.392Z",
    "dateUpdated": "2026-01-28T19:46:16.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-68934",
      "date": "2026-07-15",
      "epss": "0.00235",
      "percentile": "0.14334"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68934\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-28T20:16:12.627\",\"lastModified\":\"2026-06-17T09:59:51.030\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not fully mitigate the issue, as payloads under the limit can still trigger the slow code path.\"},{\"lang\":\"es\",\"value\":\"Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones anteriores a 3.5.4, 2025.11.2, 2025.12.1 y 2026.1.0, los usuarios autenticados pueden enviar cargas \u00fatiles elaboradas a /drafts.json que causan un procesamiento O(n^2) en Base62.decode, ocupando los workers durante 35-60 segundos por solicitud. Esto afecta a todos los usuarios ya que el grupo de workers compartido se agota. Este problema est\u00e1 parcheado en las versiones 3.5.4, 2025.11.2, 2025.12.1 y 2026.1.0. Reducir la configuraci\u00f3n del sitio max_draft_length reduce la superficie de ataque, pero no mitiga completamente el problema, ya que las cargas \u00fatiles por debajo del l\u00edmite a\u00fan pueden activar la ruta de c\u00f3digo lenta.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"discourse\",\"product\":\"discourse\",\"versions\":[{\"version\":\"\u003c 3.5.4\",\"status\":\"affected\"},{\"version\":\"\u003e= 2025.11.0-latest, \u003c 2025.11.2\",\"status\":\"affected\"},{\"version\":\"\u003e= 2025.12.0-latest, 2025.12.1\",\"status\":\"affected\"},{\"version\":\"\u003e= 2026.1.0-latest, \u003c 2026.1.0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-28T19:46:05.140072Z\",\"id\":\"CVE-2025-68934\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*\",\"versionEndExcluding\":\"3.5.4\",\"matchCriteriaId\":\"FDBF21E2-1191-4020-A17A-0702DE4E6451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*\",\"versionStartIncluding\":\"2025.11.0\",\"versionEndExcluding\":\"2025.11.2\",\"matchCriteriaId\":\"539B5B85-44F0-408E-B994-08BB20EA9C26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:discourse:discourse:2025.12.0:*:*:*:stable:*:*:*\",\"matchCriteriaId\":\"CCBF47A8-0D3F-4174-8084-CD3517BF272A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:discourse:discourse:2026.1.0:*:*:*:stable:*:*:*\",\"matchCriteriaId\":\"F6CF5F98-F08F-4B28-BBE2-8296760A547E\"}]}]}],\"references\":[{\"url\":\"https://github.com/discourse/discourse/security/advisories/GHSA-vwjh-vrx9-9849\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]}]}}",
    "redhat_vex": {
      "current_release_date": "2026-01-29T21:21:05+00:00",
      "cve": "CVE-2025-68934",
      "id": "CVE-2025-68934",
      "initial_release_date": "2025-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68934.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68934\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-28T19:46:05.140072Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-28T19:46:12.605Z\"}}], \"cna\": {\"title\": \"Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint\", \"source\": {\"advisory\": \"GHSA-vwjh-vrx9-9849\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"discourse\", \"product\": \"discourse\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.5.4\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2025.11.0-latest, \u003c 2025.11.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2025.12.0-latest, 2025.12.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2026.1.0-latest, \u003c 2026.1.0\"}]}], \"references\": [{\"url\": \"https://github.com/discourse/discourse/security/advisories/GHSA-vwjh-vrx9-9849\", \"name\": \"https://github.com/discourse/discourse/security/advisories/GHSA-vwjh-vrx9-9849\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as the shared worker pool becomes exhausted. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Lowering the max_draft_length site setting reduces attack surface but does not fully mitigate the issue, as payloads under the limit can still trigger the slow code path.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-28T19:19:59.627Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-68934\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-28T19:46:16.472Z\", \"dateReserved\": \"2025-12-24T23:59:23.392Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-28T19:19:59.627Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…