CVE-2025-59833

High CVSS: 7.5

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free, undermining the business logic of the platform and reducing the integrity of the challenge system. This issue has been patched in version 2.3.0.

Vendor

Flagforge

Product

Flagforge

CWE

CWE-200

Yayın Tarihi

2025-09-24 21:15:32

Güncelleme

2025-10-08 16:34:35

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Flagforge HIGH Flagforge 2025

Referanslar

https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-hm85-2j65-j8j2

Benzer Kayıtlar

High

CVE-2026-21868

Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (R…

Critical

CVE-2025-61777

Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/b…

High

CVE-2025-59932

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previo…

Medium

CVE-2025-59843

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[use…

Critical

CVE-2025-59841

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application i…

Critical

CVE-2025-59827

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper acc…