Vulnerability Database

318,637

Total vulnerabilities in the database

CVE-2025-61598

Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.

Published: Oct 28, 2025
Updated: Dec 4, 2025
CVE: CVE-2025-61598
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-524

Affected Software
References

Software	From	Fixed in
discourse / discourse	-	3.5.2
discourse / discourse	-	3.6.0
discourse / discourse	3.6.0-beta1	3.6.0-beta1.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo