How severe is CVE-2025-24808?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-24808?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2025-24808 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due to a race condition. The patch in versions `3.3.4` and `3.4.0.beta5` uses the `lock` step in service to wrap part of the `add_users_to_channel` service inside a distributed lock/mutex in order to avoid the race condition.

Related Vulnerabilities

CVE-2019-5840

MEDIUM

CVSS:4.3(Medium)

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CWE-3622019

CVE-2021-43538

MEDIUM

CVSS:4.3(Medium)

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for s...

CWE-3622021

CVE-2019-19537

MEDIUM

CVSS:4.2(Medium)

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/c...

CWE-3622019

CVE-2020-10575

MEDIUM

CVSS:4.2(Medium)

An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or...

CWE-3622020

CVE-2020-14416

MEDIUM

CVSS:4.2(Medium)

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip...

CWE-3622020

CVE-2022-41848

MEDIUM

CVSS:4.2(Medium)

drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, ...

CWE-3622022