CVE-2025-53102

Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user’s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8.

CVSS

No CVSS.

References

Link	Resource
https://github.com/discourse/discourse/commit/20bf65099bb861a141bc10e8a4eab65329d91802
https://github.com/discourse/discourse/commit/8bc0cee2c00a514ea60f33ea6172da2ce5a05beb
https://github.com/discourse/discourse/security/advisories/GHSA-hv49-93h5-4wcv

Configurations

No configuration.

History

31 Jul 2025, 18:42

Type	Values Removed	Values Added
Summary		(es) Discourse es una plataforma de discusión comunitaria de código abierto. Antes de la versión 3.4.7 en la rama "stable" y la versión 3.5.0.beta.8 en la rama "tests-passed", al emitir una clave de seguridad física para 2FA, el servidor generaba un desafío de WebAuthn, que el cliente firmaba. El desafío no se borraba de la sesión del usuario después de la autenticación, lo que podría permitir la reutilización y aumentar el riesgo de seguridad. Esto se solucionó en las versiones 3.4.7 y 3.5.0.beta.8.

29 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-29 20:15

Updated : 2025-07-31 18:42

NVD link : CVE-2025-53102

Mitre link : CVE-2025-53102

CVE.ORG link : CVE-2025-53102

JSON object : View

Products Affected

No product.

CWE

CWE-384

Session Fixation

{"id": "CVE-2025-53102", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-29T20:15:28.327", "references": [{"url": "https://github.com/discourse/discourse/commit/20bf65099bb861a141bc10e8a4eab65329d91802", "source": "security-advisories@github.com"}, {"url": "https://github.com/discourse/discourse/commit/8bc0cee2c00a514ea60f33ea6172da2ce5a05beb", "source": "security-advisories@github.com"}, {"url": "https://github.com/discourse/discourse/security/advisories/GHSA-hv49-93h5-4wcv", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user\u2019s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8."}, {"lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n comunitaria de c\u00f3digo abierto. Antes de la versi\u00f3n 3.4.7 en la rama \"stable\" y la versi\u00f3n 3.5.0.beta.8 en la rama \"tests-passed\", al emitir una clave de seguridad f\u00edsica para 2FA, el servidor generaba un desaf\u00edo de WebAuthn, que el cliente firmaba. El desaf\u00edo no se borraba de la sesi\u00f3n del usuario despu\u00e9s de la autenticaci\u00f3n, lo que podr\u00eda permitir la reutilizaci\u00f3n y aumentar el riesgo de seguridad. Esto se solucion\u00f3 en las versiones 3.4.7 y 3.5.0.beta.8."}], "lastModified": "2025-07-31T18:42:56.503", "sourceIdentifier": "security-advisories@github.com"}