CVE-2025-68666

🗓️ 28 Jan 2026 19:14:09Reported by GitHub_MType

Discourse archives leaked to moderators exposing private content; fixed in 3.5.4 and newer.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2025-68666	28 Jan 202619:14	–	attackerkb
CNNVD	Discourse security vulnerabilities	28 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-68666 Discourse users archives leaked to users with moderation privileges	28 Jan 202619:14	–	cvelist
EUVD	EUVD-2025-206423	28 Jan 202619:14	–	euvd
NVD	CVE-2025-68666	28 Jan 202620:16	–	nvd
OSV	BIT-DISCOURSE-2025-68666 Discourse users archives leaked to users with moderation privileges	2 Feb 202608:42	–	osv
OSV	CVE-2025-68666 Discourse users archives leaked to users with moderation privileges	28 Jan 202619:14	–	osv
Positive Technologies	PT-2026-5186	28 Jan 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-68666	29 Jan 202621:21	–	redhatcve
Vulnrichment	CVE-2025-68666 Discourse users archives leaked to users with moderation privileges	28 Jan 202619:14	–	vulnrichment

NVD

Vulners

Node

discourse discourseRange<3.5.4stable

discourse discourseRange2025.11.0–2025.11.2stable

discourse discourseMatch2025.12.0stable

discourse discourseMatch2026.1.0stable

[
  {
    "vendor": "discourse",
    "product": "discourse",
    "versions": [
      {
        "version": "< 3.5.4",
        "status": "affected"
      },
      {
        "version": ">= 2025.11.0-latest, < 2025.11.2",
        "status": "affected"
      },
      {
        "version": ">= 2025.12.0-latest, < 2025.12.1",
        "status": "affected"
      },
      {
        "version": ">= 2026.1.0-latest, < 2026.1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/discourse/discourse/security/advisories/GHSA-xmvw-jjqq-25mv

17 Jun 2026 09:59Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.16.5

CVSS 45.9

EPSS0.00238

SSVC

CWE-863