CNNVD-202509-3775 Information

CNNVD ID

CNNVD-202509-3775

CVE-2025-59833

  • CNNVD Published: 2025-09-24

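Description (translated from Chinese)

Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. Flag Forge versions 2.1.0 up to, but not including, 2.3.0 contain an information disclosure vulnerability. The vulnerability stems from the API endpoint GET /api/problems/:id returning challenge hints in plaintext, which may lead to business logic being broken.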

Description (English)

Flag Forge is an easy-to-use open-source CTF platform from FlagForge. Flag Forge versions 2.1.0 up to, but not including, 2.3.0 have an information disclosure vulnerability: the API endpoint GET /api/problems/:id returns challenge hints in plaintext, which could break the platform's business logic.

Hazard Level

Medium

Vulnerability Type

Information Disclosure

Affected Vendor

快车

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-hm85-2j65-j8j2

https://access.redhat.com/security/cve/cve-2025-59833

Patch

https://github.com/FlagForgeCTF/flagForge/releases
