CVE-2025-55736 Information

Description

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change their own role to "admin", gaining the associated privileges (e.g. deleting users, posts, comments, etc.). The problem is in the routes/adminPanelUsers file.

Reference

https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72

CNNVD-202508-2209 (Published: 2025-08-19)
