Description
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 2.0 (inclusive) to 2.3.1 (exclusive)
cpe:2.3:a:flagforge:flagforge:*:*:*:*:*:*:*:*
EPSS
Percentile: 22%
0.00072
Low
8.6 High
CVSS3
8.2 High
CVSS3
Weaknesses
CWE-284