Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative roles. This issue has been patched in version 2.2.0.
References
Link | Resource |
---|---|
https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-7944-xvv7-cv79 | Vendor Advisory |
Configurations
History
08 Oct 2025, 16:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:flagforge:flagforge:2.1.0:*:*:*:*:*:*:* | |
First Time |
Flagforge
Flagforge flagforge |
|
References | () https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-7944-xvv7-cv79 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
24 Sep 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-09-24 21:15
Updated : 2025-10-08 16:35
NVD link : CVE-2025-59827
Mitre link : CVE-2025-59827
CVE.ORG link : CVE-2025-59827
JSON object : View
Products Affected
flagforge
- flagforge
CWE
CWE-862
Missing Authorization