CVE-2025-68662

🗓️ 28 Jan 2026 19:12:24Reported by GitHub_MType

CVE-2025-68662: Discourse FinalDestination hostname check bypasses SSRF protections in older versions.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2025-68662	28 Jan 202619:12	–	attackerkb
Circl	CVE-2025-68662	28 Jan 202620:58	–	circl
CNNVD	Discourse code vulnerabilities	28 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass	28 Jan 202619:12	–	cvelist
EUVD	EUVD-2025-206421	28 Jan 202619:12	–	euvd
NVD	CVE-2025-68662	28 Jan 202620:16	–	nvd
OSV	BIT-DISCOURSE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass	2 Feb 202608:42	–	osv
OSV	CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass	28 Jan 202619:12	–	osv
Positive Technologies	PT-2026-5185	28 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-68662	29 Jan 202621:21	–	redhatcve

NVD

Vulners

Node

discourse discourseRange<3.5.4stable

discourse discourseRange2025.11.0–2025.11.2stable

discourse discourseMatch2025.12.0stable

discourse discourseMatch2026.1.0stable

[
  {
    "vendor": "discourse",
    "product": "discourse",
    "versions": [
      {
        "version": "< 3.5.4",
        "status": "affected"
      },
      {
        "version": ">= 2025.11.0-latest, < 2025.11.2",
        "status": "affected"
      },
      {
        "version": ">= 2025.12.0-latest, < 2025.12.1",
        "status": "affected"
      },
      {
        "version": ">= 2026.1.0-latest, < 2026.1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/discourse/discourse/security/advisories/GHSA-gcfp-rjfc-925c

30 Jan 2026 20:44Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.6 - 9.9

EPSS0.00032

SSVC

CWE-918