CVE-2025-48877 | Discourse up to 3.4.3/3.5.0.beta4/3.5.0.beta5-dev Setting allowed_iframes insecure automated optimizations (GHSA-cm93-6m2m-cjcv)

A vulnerability classified as critical has been found in Discourse up to 3.4.3/3.5.0.beta4/3.5.0.beta5-dev. Affected is the function allowed_iframes of the component Setting Handler. The manipulation leads to insecure automated optimizations.

This vulnerability is traded as CVE-2025-48877. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More