Discourse 2025.11.0 Stable Branch
Approved changes feed: RSS · Atom
cpe:2.3:a:discourse:discourse:2025.11.0:*:*:*:stable:*:*:*
part: a version: 2025.11.0 update: *
| Vendor | Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225) |
|---|---|
| Product | Discourse (4347364d-ae10-5ab6-a9ec-6e7dcaf78dd8) |
| Edition | * |
| Language | * |
| Software edition | stable |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/discourse/discourse |
purl2cpe | 2026-06-01 10:13:03.385033 |
pkg:rpm/opensuse/discourse |
purl2cpe | 2026-06-01 10:13:03.385034 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-64528 |
vulnerable | 2026-06-03 15:09:39.358121 |
Users are able to find users by name even when `enable_names` is off
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when `enable_names` is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix.
Published: 2025-12-30T16:04:10.093Z
Updated: 2025-12-30T18:11:53.787Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.