CVE-2025-67723 MEDIUM

CVE-2025-67723: Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin

Vendor Discourse

Product discourse

Weakness CWE-79 · XSS

Published January 28, 2026

Last update January 28, 2026

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, the Discourse Math plugin can be disabled, or the Mathjax provider can be used instead of KaTeX.

Key dates

02Disclosure timeline

January 28, 2026 CVE published

January 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-67723 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2025-67723

CWE CWE-79

CVSS 4.6 / MEDIUM

Affected versions

Vendor Discourse

Product discourse

Affected < 3.5.4

Vendor Discourse

Product discourse

Affected >= 2025.11.0-latest, < 2025.11.2

Vendor Discourse

Product discourse

Affected >= 2025.12.0-latest, < 2025.12.1

Vendor Discourse

Product discourse

Affected >= 2026.1.0-latest, < 2026.1.0

CVE-2025-67723: Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin

01Description

02Disclosure timeline

03References

04Related CVE