CVE-2025-48954
HIGHCVSS v3
8.1
HIGH
EPSS Score
10.1%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled.
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 6/25/2025
- Last Modified
- 9/25/2025
Frequently Asked Questions
What is CVE-2025-48954?
Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled.
Is CVE-2025-48954 actively exploited?
Active exploitation of CVE-2025-48954 has not been confirmed. The EPSS score is 10.1%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-48954?
CVE-2025-48954 has a CVSS v3 base score of 8.1 (HIGH severity), with vector string 3.1.
Is CVE-2025-48954 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.