CNNVD-202509-4277 Information

CNNVD ID

CNNVD-202509-4277

CVE-2025-59932

  • CNNVD Published: 2025-09-27

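Description (translated from Chinese)

Flag Forge is an easy-to-use open source CTF platform from FlagForge. Flag Forge versions from 2.0.0 up to, but not including, 2.3.1 contain an access control error vulnerability. The vulnerability stems from the /api/resources endpoint lacking proper authentication and authorization, which may allow unauthorized users to create, modify, or delete platform resources.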

Description (English)

Flag Forge is an easy-to-use open source CTF platform from FlagForge. Flag Forge versions from 2.0 up to, but not including, 2.3.1 contain an access control error vulnerability. It stems from the lack of proper authentication and authorization on the /api/resources endpoint, which could allow unauthorized users to create, modify, or delete platform resources.

Hazard Level

Medium

Vulnerability Type

Access control error

Affected Vendor

FlagForge

Published

2025-09-27

Last Modified

2026-02-24

References

https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw

https://access.redhat.com/security/cve/cve-2025-59932

Patch

https://github.com/FlagForgeCTF/flagForge/releases
