CVE-2025-59932

High CVSS: 8.6

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.

Vendor

Flagforge

Product

Flagforge

CWE

CWE-284

Yayın Tarihi

2025-09-27 01:15:43

Güncelleme

2025-10-08 16:56:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-284 Flagforge HIGH Flagforge 2025

Referanslar

https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw

Benzer Kayıtlar

High

CVE-2026-21868

Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (R…

Critical

CVE-2025-61777

Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/b…

Medium

CVE-2025-59843

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[use…

Critical

CVE-2025-59841

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application i…

Critical

CVE-2025-59827

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper acc…

High

CVE-2025-59833

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/probl…