Discourse: Improper Post Visibility Restriction in Discourse Whisper Posts - Proactive Insights and Support For Open-Source Applications

In Discourse versions prior to 3.4.6 (stable) and 3.5.0.beta8-dev (tests-passed) a medium severity vulnerability CVE-2025-49845 was detected. This vulnerability allows users to continue viewing their own whisper posts even after losing group-based permission to view such content. To address this issue, users should upgrade Discourse to versions 3.4.6 or later (stable), 3.5.0.beta8-dev (tests-passed). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49845.