CVE-2025-47288 - Discourse Policy Plugin Group Policy Information Disclosure

CVE ID : CVE-2025-47288

Published : May 29, 2025, 8:15 p.m. | 1 hour, 18 minutes ago

Description : Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-37779 – “ERofs Linux Kernel Folio UAF Vulnerability”

May 1, 2025

CVE ID : CVE-2025-37779

Published : May 1, 2025, 2:15 p.m. | 1 hour, 10 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

lib/iov_iter: fix to increase non slab folio refcount

When testing EROFS file-backed mount over v9fs on qemu, I encountered a
folio UAF issue. The page sanity check reports the following call trace.
The root cause is that pages in bvec are coalesced across a folio bounary.
The refcount of all non-slab folios should be increased to ensure
p9_releas_pages can put them correctly.

BUG: Bad page state in process md5sum pfn:18300
page: refcount:0 mapcount:0 mapping:00000000d5ad8e4e index:0x60 pfn:0x18300
head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
aops:z_erofs_aops ino:30b0f dentry name(?):”GoogleExtServicesCn.apk”
flags: 0x100000000000041(locked|head|node=0|zone=1)
raw: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0
raw: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000
head: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0
head: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000
head: 0100000000000000 0000000000000000 ffffffffffffffff 0000000000000000
head: 0000000000000010 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Call Trace:
dump_stack_lvl+0x53/0x70
bad_page+0xd4/0x220
__free_pages_ok+0x76d/0xf30
__folio_put+0x230/0x320
p9_release_pages+0x179/0x1f0
p9_virtio_zc_request+0xa2a/0x1230
p9_client_zc_rpc.constprop.0+0x247/0x700
p9_client_read_once+0x34d/0x810
p9_client_read+0xf3/0x150
v9fs_issue_read+0x111/0x360
netfs_unbuffered_read_iter_locked+0x927/0x1390
netfs_unbuffered_read_iter+0xa2/0xe0
vfs_iocb_iter_read+0x2c7/0x460
erofs_fileio_rq_submit+0x46b/0x5b0
z_erofs_runqueue+0x1203/0x21e0
z_erofs_readahead+0x579/0x8b0
read_pages+0x19f/0xa70
page_cache_ra_order+0x4ad/0xb80
filemap_readahead.isra.0+0xe7/0x150
filemap_get_pages+0x7aa/0x1890
filemap_read+0x320/0xc80
vfs_read+0x6c6/0xa30
ksys_read+0xf9/0x1c0
do_syscall_64+0x9e/0x1a0
entry_SYSCALL_64_after_hwframe+0x71/0x79

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Elon Musk says we’re in the “intelligence big bang” — after warning that a power crunch could kill the AI revolution this year

OpenAI introduces “ChatGPT agent” as the ultimate jack of all AI trades — with its own computer to check out your to-do list

This Android wearable lasts for days, and left my Samsung Galaxy Watch in the dust

This physical Clicks keyboard is the Pixel 9 upgrade I didn’t know I needed

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

Elon Musk says we’re in the “intelligence big bang” — after warning that a power crunch could kill the AI revolution this year

Elon Musk says we’re in the “intelligence big bang” — after warning that a power crunch could kill the AI revolution this year

How to Fix Unable to Login to Facebook on PC (Step-by-Step)

OpenAI introduces “ChatGPT agent” as the ultimate jack of all AI trades — with its own computer to check out your to-do list

CVE-2025-47288 – Discourse Policy Plugin Group Policy Information Disclosure

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

tempesta is a CLI bookmark manager

CVE-2025-53928 – MaxKB Remote Command Execution

CVE-2025-48134 – ShapedPlugin LLC WP Tabs Object Injection

Motorola Solutions to outfit first responders with new AI-enabled body cameras

CVE-2025-37779 – “ERofs Linux Kernel Folio UAF Vulnerability”

CVE-2025-46707 – VMware ESXi Firmware Privilege Escalation

CVE-2025-45753 – Vtiger CRM PHP Code Execution Vulnerability

CodeSOD: A Steady Ship

CVE-2025-47288 – Discourse Policy Plugin Group Policy Information Disclosure

Related Posts