Description

Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due to a race condition. The patch in versions `3.3.4` and `3.4.0.beta5` uses the `lock` step in service to wrap part of the `add_users_to_channel` service inside a distributed lock/mutex in order to avoid the race condition.

INFO

Published Date :

2025-03-26T14:08:38.915Z

Last Modified :

2025-03-26T18:26:18.555Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-24808 vulnerability.

Vendors Products
Discourse
  • Discourse
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24808.

URL Resource
https://github.com/discourse/discourse/commit/a16b2f224860f6678f89f5ffa012f0ede17e4095 cve-icon cve-icon
https://github.com/discourse/discourse/security/advisories/GHSA-hfcx-qjw6-573r cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact