CVE-2025-61598 | Discourse up to 3.6.0.beta1/3.6.1 Response Header Cache-Control cache containing sensitive information

A vulnerability categorized as problematic has been discovered in Discourse up to 3.6.0.beta1/3.6.1. This affects an unknown function of the component Response Header Handler. Such manipulation of the argument Cache-Control leads to use of cache containing sensitive information.

This vulnerability is listed as CVE-2025-61598. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More