8.6

CVE-2025-59932

EPSS 0.05%
Veröffentlicht 27.09.2025 01:15:43
Zuletzt bearbeitet 08.10.2025 16:56:50
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flagforge ≫ Flagforge Version >= 2.0 < 2.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.155

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
security-advisories@github.com	8.6	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59932

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59932

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59932

EUVD