FlagForgeCTF Unauthenticated Resource Modification/Deletion_CVE-2025-59932

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Description

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.

Basic Information

ID CVE-2025-59932

Source GitHub_M

Published Sep 27, 2025 at 00:51

Affected Product

Vendor FlagForgeCTF

Product flagForge

Version >= 2.0.0, < 2.3.1

Affected Versions FlagForgeCTF flagForge >= 2.0.0, < 2.3.1

CWE Classification

CWE-284

References

github.com /FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw

{
    "lastseen": "",
    "description": "Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.",
    "published": "2025-09-27T00:51:01.805Z",
    "modified": "2025-09-27T00:51:01.805Z",
    "type": "cve",
    "title": "FlagForgeCTF Unauthenticated Resource Modification/Deletion",
    "source": "GitHub_M",
    "references": "https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqw",
    "id": "CVE-2025-59932",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "FlagForgeCTF flagForge >= 2.0.0, < 2.3.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "flagForge",
    "version": ">= 2.0.0, < 2.3.1",
    "vendor": "FlagForgeCTF",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}