CVE-2025-59932
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-27

Last updated on: 2025-10-08

Assigner: GitHub, Inc.

Description
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-27
Last Modified
2025-10-08
Generated
2026-06-16
AI Q&A
2025-09-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59932
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
flagforge flagforge From 2.0 (inc) to 2.3.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Flag Forge versions 2.0.0 to before 2.3.1 allowed unauthorized users to send POST and DELETE requests to the /api/resources endpoint without proper authentication or authorization. This means attackers could create, modify, or delete resources on the platform without permission. The issue was fixed in version 2.3.1.

Impact Analysis

The vulnerability could allow attackers to manipulate resources on the Flag Forge platform, potentially leading to unauthorized changes, data loss, or disruption of service. This could compromise the integrity and availability of the platform's data and functionality.

Mitigation Strategies

Upgrade Flag Forge to version 2.3.1 or later, where the issue has been fixed. Until then, restrict access to the /api/resources endpoint to authorized users only to prevent unauthorized POST and DELETE requests.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59932. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart