CVE-2025-59932
BaseFortify
Publication date: 2025-09-27
Last updated on: 2025-10-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flagforge | flagforge | From 2.0 (inc) to 2.3.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Flag Forge versions 2.0.0 to before 2.3.1 allowed unauthorized users to send POST and DELETE requests to the /api/resources endpoint without proper authentication or authorization. This means attackers could create, modify, or delete resources on the platform without permission. The issue was fixed in version 2.3.1.
How can this vulnerability impact me? :
The vulnerability could allow attackers to manipulate resources on the Flag Forge platform, potentially leading to unauthorized changes, data loss, or disruption of service. This could compromise the integrity and availability of the platform's data and functionality.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Flag Forge to version 2.3.1 or later, where the issue has been fixed. Until then, restrict access to the /api/resources endpoint to authorized users only to prevent unauthorized POST and DELETE requests.