CVE-2025-59827

Critical CVSS: 9.8

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative roles. This issue has been patched in version 2.2.0.

Vendor

Flagforge

Product

Flagforge

CWE

CWE-862

Yayın Tarihi

2025-09-24 21:15:32

Güncelleme

2025-10-08 16:35:24

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Flagforge CRITICAL Flagforge 2025

Referanslar

https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-7944-xvv7-cv79

Benzer Kayıtlar

High

CVE-2026-21868

Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (R…

Critical

CVE-2025-61777

Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/b…

High

CVE-2025-59932

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previo…

Medium

CVE-2025-59843

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[use…

Critical

CVE-2025-59841

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application i…

High

CVE-2025-59833

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/probl…