CVE-2025-61777
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-30
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flagforge | flagforge | From 2.0 (inc) to 2.3.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61777 is a critical improper access control vulnerability in the FlagForge CTF platform versions 2.0.0 through 2.3.1. The vulnerability allowed unauthenticated users to access the /api/admin/badge-templates (GET) and /api/admin/badge-templates/create (POST) endpoints without any authentication or authorization. This meant unauthorized users could retrieve all badge templates along with sensitive metadata such as who created them and when, and also create arbitrary badge templates in the database. This flaw was due to missing authentication and improper access control, potentially leading to data exposure, database pollution, and abuse of the badge system. The issue was fixed in version 2.3.2 by enforcing authentication and admin-only authorization on these endpoints. [1]
How can this vulnerability impact me?
This vulnerability can have serious impacts including significant data exposure by allowing unauthorized users to access sensitive badge template metadata, database pollution by letting attackers create arbitrary badge templates, and abuse of the badge system which could undermine platform integrity and user trust. Since the vulnerability requires no privileges or user interaction and is exploitable remotely, it poses a high risk of confidentiality and integrity loss, potentially compromising the security and reliability of the FlagForge platform. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by attempting to access the vulnerable endpoints without authentication. Specifically, try sending HTTP requests to the following endpoints on your FlagForge instance running versions 2.0.0 through 2.3.1:
1. GET /api/admin/badge-templates
2. POST /api/admin/badge-templates/create
If these endpoints respond successfully without requiring authentication or authorization, your system is vulnerable. Example commands using curl:
- To test the GET endpoint: curl -v http://<flagforge-host>/api/admin/badge-templates
- To test the POST endpoint: curl -v -X POST http://<flagforge-host>/api/admin/badge-templates/create -d '{"name":"test","description":"test","icon":"test"}' -H 'Content-Type: application/json'
A successful response without authentication indicates the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation is to upgrade FlagForge to version 2.3.2 or later, where the vulnerability is fixed by enforcing authentication and admin-only authorization on all badge template endpoints (GET, POST, UPDATE, DELETE). There are no reliable workarounds other than upgrading. Until you upgrade, restrict network access to these endpoints to trusted administrators only, if possible, to reduce exposure. [1]
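The missing check described in the first answer and the fix described in the last one, as an added example that is not FlagForge's own code: a dependency-free Node.js model of the two badge-template routes, with the unguarded handler beside a version that fails closed on the whole /api/admin/ prefix. The session shape ({ userId, role }), the role name "admin" and the sample record are assumptions.

```javascript
// Added example, not FlagForge's code. Models the two badge-template routes and a
// fail-closed admin guard; session shape ({ userId, role }) and sample data are assumptions.
const badgeTemplates = [
  // Constructed sample record; createdBy/createdAt are the metadata the advisory says was exposed.
  { id: 1, name: 'First Blood', createdBy: 'admin@example.test', createdAt: '2025-01-01T00:00:00Z' },
];

// Route logic shared by both handlers. On its own it performs no identity check.
function badgeTemplateRoutes(req) {
  if (req.method === 'GET' && req.path === '/api/admin/badge-templates') {
    return { status: 200, body: badgeTemplates };
  }
  if (req.method === 'POST' && req.path === '/api/admin/badge-templates/create') {
    const creator = req.session && req.session.userId ? req.session.userId : 'anonymous';
    badgeTemplates.push({ id: badgeTemplates.length + 1, ...req.body,
      createdBy: creator, createdAt: new Date().toISOString() });
    return { status: 201, body: { id: badgeTemplates.length } };
  }
  return { status: 404, body: { error: 'not found' } };
}

// Vulnerable shape (2.0.0 through 2.3.1, per the advisory): the routes are exposed as-is,
// so an anonymous caller can list every template and insert arbitrary ones (CWE-306, CWE-284).
const vulnerableHandler = badgeTemplateRoutes;

// Fail-closed guard: 401 with no authenticated identity, 403 when the identity is not an admin.
function requireAdmin(req) {
  if (!req.session || !req.session.userId) return { status: 401, body: { error: 'authentication required' } };
  if (req.session.role !== 'admin') return { status: 403, body: { error: 'admin role required' } };
  return null;
}

// Hardened shape: the guard runs on the whole /api/admin/ prefix before any route logic,
// so every method (GET, POST, update, delete) and any admin route added later is covered by default.
function hardenedHandler(req) {
  if (req.path.startsWith('/api/admin/')) {
    const denied = requireAdmin(req);
    if (denied) return denied;
  }
  return badgeTemplateRoutes(req);
}

// Detection check mirroring the advisory's test: an unauthenticated GET that succeeds means
// the guard is missing. Returns true when the handler is exposed.
function probeMissingAuth(handler) {
  const res = handler({ method: 'GET', path: '/api/admin/badge-templates', session: null });
  return res.status === 200;
}

console.log(probeMissingAuth(vulnerableHandler), probeMissingAuth(hardenedHandler)); // true false
```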