Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-68660

CVE-2025-68660: Discourse Auth Bypass Vulnerability

CVE-2025-68660 is an authentication bypass flaw in Discourse that allows authenticated users to bypass AI persona access controls and impersonate accounts. This article covers the technical details, affected versions, and patches.

Published:

CVE-2025-68660 Overview

CVE-2025-68660 is an authorization bypass vulnerability affecting Discourse, an open source discussion platform. The vulnerability exists in an endpoint that allows any authenticated user to bypass the ai_discover_persona access controls, gaining unauthorized direct message (DM) access to AI personas. These personas may be configured with access to staff-only categories, RAG (Retrieval-Augmented Generation) document sets, or automated tooling, potentially exposing sensitive organizational data.

Additionally, because the vulnerable controller accepts an arbitrary user_id parameter, attackers can impersonate other user accounts to trigger unwanted AI conversations on their behalf, generating confusing or abusive private message traffic.

Critical Impact

Authenticated attackers can bypass AI persona access controls to access staff-only content and impersonate other users in AI-driven conversations.

Affected Products

  • Discourse versions prior to 3.5.4
  • Discourse versions prior to 2025.11.2
  • Discourse versions prior to 2025.12.1
  • Discourse versions prior to 2026.1.0

Discovery Timeline

  • 2026-01-28 - CVE CVE-2025-68660 published to NVD
  • 2026-01-29 - Last updated in NVD database

Technical Details for CVE-2025-68660

Vulnerability Analysis

This vulnerability is classified as CWE-863: Incorrect Authorization. The flaw resides in a controller endpoint responsible for managing AI persona interactions within the Discourse platform. The endpoint fails to properly enforce access controls defined by the ai_discover_persona permission system, allowing authenticated users to interact with AI personas they should not have access to.

The vulnerability is particularly concerning because AI personas in Discourse can be configured with elevated privileges, including access to staff-only forum categories and RAG document sets containing potentially sensitive organizational knowledge. When an unauthorized user bypasses these controls, they can extract information from these restricted data sources through AI-mediated conversations.

Root Cause

The root cause is improper authorization validation in the AI persona discovery controller. The endpoint does not adequately verify that the requesting user has the necessary permissions to interact with a given AI persona before establishing a DM conversation. Furthermore, the controller accepts a user_id parameter without proper validation, enabling user impersonation attacks.

Attack Vector

The attack is network-accessible and requires only basic authentication to the Discourse platform. An attacker can exploit this vulnerability through the following mechanism:

  1. An authenticated user identifies AI personas configured on the Discourse instance
  2. The attacker sends requests to the vulnerable endpoint, bypassing ai_discover_persona access controls
  3. A DM conversation is established with AI personas that may have access to restricted content
  4. By manipulating the user_id parameter, the attacker can also trigger AI conversations that appear to originate from other users

The vulnerability allows attackers to query AI personas connected to staff-only categories or RAG document repositories, effectively extracting information through indirect access. The user impersonation capability also enables abuse scenarios where targeted users receive unsolicited or inappropriate AI-generated messages.

Detection Methods for CVE-2025-68660

Indicators of Compromise

  • Unusual volume of DM conversations initiated with AI personas from non-privileged accounts
  • API requests to AI persona endpoints containing user_id parameters that don't match the authenticated session
  • Access logs showing authenticated users interacting with AI personas configured for staff-only access
  • Sudden increase in AI-generated PM traffic, particularly involving impersonated users

Detection Strategies

  • Monitor authentication and authorization logs for failed permission checks followed by successful AI persona interactions
  • Implement alerting on API calls that include mismatched user_id parameters versus authenticated session identities
  • Review AI persona conversation logs for access patterns from users without appropriate persona permissions
  • Track anomalous message volumes in AI persona DM channels

Monitoring Recommendations

  • Enable verbose logging for AI persona controller endpoints
  • Configure alerts for authorization bypass patterns in web application firewall (WAF) logs
  • Implement user behavior analytics to detect unusual AI persona interaction patterns
  • Audit AI persona configurations to identify which personas have access to sensitive data sources

How to Mitigate CVE-2025-68660

Immediate Actions Required

  • Upgrade Discourse to version 3.5.4, 2025.11.2, 2025.12.1, or 2026.1.0 immediately
  • Audit AI persona configurations and review which personas have access to sensitive categories or RAG documents
  • Review logs for any evidence of exploitation or unauthorized AI persona access
  • Consider temporarily restricting AI persona functionality if immediate patching is not possible

Patch Information

Discourse has released security patches addressing this vulnerability. Administrators should update to one of the following fixed versions:

  • Version 3.5.4 for the stable branch
  • Version 2025.11.2 for the 2025.11.x release series
  • Version 2025.12.1 for the 2025.12.x release series
  • Version 2026.1.0 for the latest release

For detailed information about the security fix, refer to the GitHub Security Advisory GHSA-mrvm-rprq-jqqh.

Workarounds

  • No known workarounds are available for this vulnerability
  • The only effective mitigation is upgrading to a patched version
  • As a temporary measure, consider restricting access to the Discourse instance to trusted users only
  • Disabling AI persona features entirely may reduce exposure but is not an official workaround
bash
# Upgrade Discourse to the latest patched version
cd /var/discourse
./launcher rebuild app

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.