
Description

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.0.0 up to, but not including, 2.3.1, the /api/resources endpoint accepted POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.

PUBLISHED Reserved 2025-09-23 | Published 2025-09-27 | Updated 2025-09-29 | Assigner GitHub_M




HIGH: 8.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Problem types

CWE-284: Improper Access Control

Product status

affected: >= 2.0.0, < 2.3.1

References

github.com/...gForge/security/advisories/GHSA-v8rh-25rf-gfqw

cve.org (CVE-2025-59932)

nvd.nist.gov (CVE-2025-59932)
