CVE-2025-48877 | Discourse up to 3.4.3/3.5.0.beta4/3.5.0.beta5-dev Setting allowed_iframes insecure automated optimizations (GHSA-cm93-6m2m-cjcv)

Inserito da Angelo Barbosa | Giu 9, 2025 | CVE

A vulnerability classified as critical has been found in Discourse up to 3.4.3/3.5.0.beta4/3.5.0.beta5-dev. Affected is the function allowed_iframes of the component Setting Handler. The manipulation leads to insecure automated optimizations.

This vulnerability is traded as CVE-2025-48877. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-48877 | Discourse up to 3.4.3/3.5.0.beta4/3.5.0.beta5-dev Setting allowed_iframes insecure automated optimizations (GHSA-cm93-6m2m-cjcv)

Post correlati

CVE-2023-22523 | Atlassian Assets Discovery Cloud Assets Discovery Agent Remote Code Execution

CVE-2024-3190 | Unlimited Elements for Elementor Plugin up to 1.5.107 on WordPress Text Field cross site scripting

CVE-2024-3592 | Quiz and Survey Master Plugin up to 9.0.1 on WordPress sql injection

CVE-2024-47831 | vercel next.js up to 14.2.6 recursion (GHSA-g77x-44xx-532m)