CVE-2025-55737 Information

Description

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier when deleting a comment there’s no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post by simply intercepting the delete request and changing the commentID. The code that causes the problem is in routes/post.py.

Reference

https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6hp9-jv2f-88wr

Related CNNVD

CNNVD-202508-2217 (Published: 2025-08-19)