CVE-2025-59827
Severity: CRITICAL (CVSS 9.8)
Description
Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative roles. This issue has been patched in version 2.2.0.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 9/24/2025
Last modified: 10/8/2025
Source: nvd
Honeypot sightings: 0
Affected products
flagforge:flagforge
Weaknesses (CWE)
CWE-862
References
https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-7944-xvv7-cv79 (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.