CVE-2025-68662

7.6 HIGH

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Discourse's FinalDestination component where hostname validation can be bypassed under certain conditions. This allows attackers to make unauthorized requests from the Discourse server to internal or external systems. All Discourse instances running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Discourse
Versions: All versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Discourse installations are vulnerable; no special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, exfiltrate sensitive data, or pivot to other systems within the network, potentially leading to full network compromise.

🟠 Likely Case

Attackers could access metadata services, internal APIs, or other services reachable from the Discourse server, potentially exposing sensitive information.

🟢 If Mitigated

With proper network segmentation and egress filtering, impact would be limited to services within the same network segment as the Discourse server.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of SSRF techniques and specific conditions to bypass hostname validation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.4, 2025.11.2, 2025.12.1, or 2026.1.0

Vendor Advisory: https://github.com/discourse/discourse/security/advisories/GHSA-gcfp-rjfc-925c

Restart Required: Yes

Instructions:

1. Back up your Discourse instance.
2. Update to one of the patched versions using your deployment method (Docker, manual, etc.).
3. Restart the Discourse service.
4. Verify the update was successful.

🧯 If You Can't Patch

  • Implement strict network egress filtering to limit outbound connections from the Discourse server.
  • Deploy a web application firewall (WAF) with SSRF protection rules.

🔍 How to Verify

Check if Vulnerable:

Check your Discourse version in the admin dashboard or via command line: `cd /var/discourse && ./launcher status app`

Check Version:

cd /var/discourse && ./launcher status app | grep version

Verify Fix Applied:

Verify that the running version is 3.5.4, 2025.11.2, 2025.12.1, or 2026.1.0, or a later release.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Discourse server
  • Requests to internal IP addresses or metadata services

Network Indicators:

  • Unexpected outbound connections from Discourse server to internal services

SIEM Query:

source="discourse" AND (dest_ip=169.254.169.254 OR dest_ip=10.* OR dest_ip=172.16.* OR dest_ip=192.168.*)
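As an added example (not code from the page or from the Discourse project), the same check the SIEM query expresses, applied to constructed log lines in Ruby; it widens the query's `172.16.*` pattern to the full RFC 1918 block 172.16.0.0/12 and also flags loopback and link-local destinations. The `dest_ip=` field name, the log layout and the `component=final_destination` tag are assumptions for the sample data.

```ruby
require "ipaddr"

# Destination ranges to flag: the ranges from the SIEM query, with 172.16.*
# widened to the full RFC 1918 block 172.16.0.0/12, plus loopback and link-local.
# Order matters: the metadata address is labelled before the link-local block
# that also contains it.
SUSPICIOUS_DESTINATIONS = {
  "cloud metadata"     => IPAddr.new("169.254.169.254/32"),
  "link-local"         => IPAddr.new("169.254.0.0/16"),
  "loopback"           => IPAddr.new("127.0.0.0/8"),
  "rfc1918 10/8"       => IPAddr.new("10.0.0.0/8"),
  "rfc1918 172.16/12"  => IPAddr.new("172.16.0.0/12"),
  "rfc1918 192.168/16" => IPAddr.new("192.168.0.0/16"),
}.freeze

# Assumed log format: key=value fields, with the resolved destination carried
# as dest_ip=<address> (the field name the SIEM query above uses).
DEST_IP_FIELD = /\bdest_ip=(?<ip>[0-9a-fA-F:.]+)/

# Returns the label of the first matching range, or nil for a public address
# or a value that does not parse as an IP at all.
def classify_destination(ip_str)
  ip = IPAddr.new(ip_str)
  SUSPICIOUS_DESTINATIONS.each { |label, range| return label if range.include?(ip) }
  nil
rescue IPAddr::InvalidAddressError
  nil
end

# Scans log lines and returns one hash per line whose destination is internal.
def flag_ssrf_candidates(lines)
  lines.filter_map do |line|
    m = DEST_IP_FIELD.match(line) or next
    reason = classify_destination(m[:ip]) or next
    { dest_ip: m[:ip], reason: reason, line: line }
  end
end

# Constructed sample lines: one public destination and three internal ones
# (the last would be missed by a 172.16.* pattern).
SAMPLE_LOG = <<~LOG.lines(chomp: true)
  2025-12-01T10:00:01Z source=discourse component=final_destination dest_ip=203.0.113.10 url=https://example.test/page
  2025-12-01T10:00:02Z source=discourse component=final_destination dest_ip=169.254.169.254 url=http://example.test/redirect
  2025-12-01T10:00:03Z source=discourse component=final_destination dest_ip=10.0.3.7 url=http://example.test/onebox
  2025-12-01T10:00:04Z source=discourse component=final_destination dest_ip=172.31.5.9 url=http://example.test/preview
LOG

if __FILE__ == $PROGRAM_NAME
  flag_ssrf_candidates(SAMPLE_LOG).each { |hit| puts "#{hit[:reason]}: #{hit[:line]}" }
end
```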
