CNNVD-202509-3778 Information

CNNVD ID

CNNVD-202509-3778

CVE-2025-59827

  • CNNVD Published: 2025-09-24

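Description (translated from Chinese)

Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. Flag Forge version 2.1.0 contains a security vulnerability caused by missing access control on the /api/admin/assign-badge endpoint, which may lead to privilege escalation and impersonation of the administrator role.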

Description (English)

Flag Forge is an easy-to-use open-source CTF platform from FlagForge. The vulnerability in Flag Forge version 2.1.0 stems from the lack of proper access controls on the /api/admin/assign-badge endpoint, which may lead to privilege escalation and impersonation of administrator roles.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

快车

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-7944-xvv7-cv79

https://access.redhat.com/security/cve/cve-2025-59827

Patch

https://github.com/FlagForgeCTF/flagForge/releases
