CVE-2025-59932

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:flagforge:flagforge:*:*:*:*:*:*:*:*

History

08 Oct 2025, 16:32

Type Values Removed Values Added
References () https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw - () https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw - Vendor Advisory
First Time Flagforge
Flagforge flagforge
CPE cpe:2.3:a:flagforge:flagforge:*:*:*:*:*:*:*:*

27 Sep 2025, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-09-27 01:15

Updated : 2025-10-08 16:56


NVD link : CVE-2025-59932

Mitre link : CVE-2025-59932

CVE.ORG link : CVE-2025-59932


JSON object : View

Products Affected

flagforge

  • flagforge
CWE
CWE-284

Improper Access Control