{"vulnerability": "GHSA-79QW-R73R-69GF", "sightings": [{"uuid": "31a9752a-533f-481b-af48-206022c9032a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-79QW-R73R-69GF", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19464", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49845\n\ud83d\udd25 CVSS Score: 6.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users of versions prior to 3.4.6 on the `stable` branch and prior to 3.5.0.beta8-dev on the `tests-passed` branch can continue to see their own whispers even after losing visibility of posts typed `whisper`. This issue is patched in versions 3.4.6 and 3.5.0.beta8-dev. No known workarounds are available.\n\ud83d\udccf Published: 2025-06-25T15:39:01.328Z\n\ud83d\udccf Modified: 2025-06-25T15:39:01.328Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/security/advisories/GHSA-79qw-r73r-69gf", "creation_timestamp": "2025-06-25T15:52:10.000000Z"}]}