CVE-2025-59932

Source
https://cve.org/CVERecord?id=CVE-2025-59932
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59932.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-59932
Aliases
  • GHSA-v8rh-25rf-gfqw
Published
2025-09-27T00:51:01.805Z
Modified
2026-04-02T12:57:03.723887Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Summary
FlagForgeCTF Unauthenticated Resource Modification/Deletion
Details

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.0.0 up to, but not including, 2.3.1, the /api/resources endpoint accepted POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-284"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59932.json"
}
References

Affected packages

Git / github.com/flagforgectf/flagforge

Affected ranges

Type
GIT
Repo
https://github.com/flagforgectf/flagforge
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
ctf
v2
v2.*
v2.2
v2.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59932.json"