{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53532", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-02T15:15:11.514Z", "datePublished": "2025-07-07T17:06:58.249Z", "dateUpdated": "2025-07-07T17:52:47.272Z"}, "containers": {"cna": {"title": "giscus allows unauthorized discussion creation", "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "lang": "en", "description": "CWE-285: Improper Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/giscus/giscus/security/advisories/GHSA-w6vg-v24f-4vm3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/giscus/giscus/security/advisories/GHSA-w6vg-v24f-4vm3"}, {"name": "https://github.com/giscus/giscus/commit/4b9745fe1a326ce08d69f8a388331bc993d19389", "tags": ["x_refsource_MISC"], "url": "https://github.com/giscus/giscus/commit/4b9745fe1a326ce08d69f8a388331bc993d19389"}, {"name": "https://github.com/giscus/giscus/commit/c43af7806e65adfcf4d0feeebef76dc36c95cb9a", "tags": ["x_refsource_MISC"], "url": "https://github.com/giscus/giscus/commit/c43af7806e65adfcf4d0feeebef76dc36c95cb9a"}], "affected": [{"vendor": "giscus", "product": "giscus", "versions": [{"version": "< c43af7806e65adfcf4d0feeebef76dc36c95cb9a", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-07T17:06:58.249Z"}, "descriptions": [{"lang": "en", "value": "giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own self-hosted service. This vulnerability is fixed by the c43af7806e65adfcf4d0feeebef76dc36c95cb9a and 4b9745fe1a326ce08d69f8a388331bc993d19389 commits."}], "source": {"advisory": "GHSA-w6vg-v24f-4vm3", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-07T17:52:34.931217Z", "id": "CVE-2025-53532", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T17:52:47.272Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53532", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-07T17:52:34.931217Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T17:52:39.469Z"}}], "cna": {"title": "giscus allows unauthorized discussion creation", "source": {"advisory": "GHSA-w6vg-v24f-4vm3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "giscus", "product": "giscus", "versions": [{"status": "affected", "version": "< c43af7806e65adfcf4d0feeebef76dc36c95cb9a"}]}], "references": [{"url": "https://github.com/giscus/giscus/security/advisories/GHSA-w6vg-v24f-4vm3", "name": "https://github.com/giscus/giscus/security/advisories/GHSA-w6vg-v24f-4vm3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/giscus/giscus/commit/4b9745fe1a326ce08d69f8a388331bc993d19389", "name": "https://github.com/giscus/giscus/commit/4b9745fe1a326ce08d69f8a388331bc993d19389", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/giscus/giscus/commit/c43af7806e65adfcf4d0feeebef76dc36c95cb9a", "name": "https://github.com/giscus/giscus/commit/c43af7806e65adfcf4d0feeebef76dc36c95cb9a", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own self-hosted service. This vulnerability is fixed by the c43af7806e65adfcf4d0feeebef76dc36c95cb9a and 4b9745fe1a326ce08d69f8a388331bc993d19389 commits."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "CWE-285: Improper Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-07T17:06:58.249Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53532", "state": "PUBLISHED", "dateUpdated": "2025-07-07T17:52:47.272Z", "dateReserved": "2025-07-02T15:15:11.514Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-07T17:06:58.249Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own self-hosted service. This vulnerability is fixed by the c43af7806e65adfcf4d0feeebef76dc36c95cb9a and 4b9745fe1a326ce08d69f8a388331bc993d19389 commits."}, {"lang": "es", "value": "giscus es un sistema de comentarios impulsado por Discusiones de GitHub. Un error en la API de creaci\u00f3n de discusiones de giscus permiti\u00f3 que un usuario no autorizado creara discusiones en cualquier repositorio donde estuviera instalado. Esto afecta a la parte del servidor de giscus, que se proporciona a trav\u00e9s de http://giscus.app o de un servicio alojado por el usuario. Esta vulnerabilidad se corrige con las confirmaciones c43af7806e65adfcf4d0feeebef76dc36c95cb9a y 4b9745fe1a326ce08d69f8a388331bc993d19389."}], "id": "CVE-2025-53532", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-07-07T17:15:30.533", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/giscus/giscus/commit/4b9745fe1a326ce08d69f8a388331bc993d19389"}, {"source": "security-advisories@github.com", "url": "https://github.com/giscus/giscus/commit/c43af7806e65adfcf4d0feeebef76dc36c95cb9a"}, {"source": "security-advisories@github.com", "url": "https://github.com/giscus/giscus/security/advisories/GHSA-w6vg-v24f-4vm3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}