7.5

CVE-2025-59833

EPSS 0.07%
Veröffentlicht 24.09.2025 21:15:32
Zuletzt bearbeitet 08.10.2025 16:34:35
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free, undermining the business logic of the platform and reducing the integrity of the challenge system. This issue has been patched in version 2.3.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flagforge ≫ Flagforge Version >= 2.1.0 < 2.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.206

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-hm85-2j65-j8j2

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59833

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59833

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59833

EUVD