CVE-2025-61777
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-06

Last updated on: 2025-10-30

Assigner: GitHub, Inc.

Description
Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized users to retrieve all badge templates and sensitive metadata (createdBy, createdAt, updatedAt) and/or create arbitrary badge templates in the database. This could lead to data exposure, database pollution, or abuse of the badge system. The issue has been fixed in FlagForge v2.3.2. GET, POST, UPDATE, and DELETE endpoints now require authentication. Authorization checks ensure only admins can access and modify badge templates. No reliable workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-06
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61777
EUVD
EUVD-2025-33190
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
flagforge flagforge From 2.0 (inc) to 2.3.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-61777 is a critical improper access control vulnerability in the FlagForge CTF platform versions 2.0.0 through 2.3.1. The vulnerability allowed unauthenticated users to access the /api/admin/badge-templates (GET) and /api/admin/badge-templates/create (POST) endpoints without any authentication or authorization. This meant unauthorized users could retrieve all badge templates along with sensitive metadata such as who created them and when, and also create arbitrary badge templates in the database. This flaw was due to missing authentication and improper access control, potentially leading to data exposure, database pollution, and abuse of the badge system. The issue was fixed in version 2.3.2 by enforcing authentication and admin-only authorization on these endpoints. [1]

Impact Analysis

This vulnerability can have serious impacts including significant data exposure by allowing unauthorized users to access sensitive badge template metadata, database pollution by letting attackers create arbitrary badge templates, and abuse of the badge system which could undermine platform integrity and user trust. Since the vulnerability requires no privileges or user interaction and is exploitable remotely, it poses a high risk of confidentiality and integrity loss, potentially compromising the security and reliability of the FlagForge platform. [1]

Detection Guidance

You can detect this vulnerability by attempting to access the vulnerable endpoints without authentication. Specifically, try sending HTTP requests to the following endpoints on your FlagForge instance running versions 2.0.0 through 2.3.1: 1. GET /api/admin/badge-templates 2. POST /api/admin/badge-templates/create If these endpoints respond successfully without requiring authentication or authorization, your system is vulnerable. Example commands using curl: - To test GET endpoint: curl -v http://<flagforge-host>/api/admin/badge-templates - To test POST endpoint: curl -v -X POST http://<flagforge-host>/api/admin/badge-templates/create -d '{"name":"test","description":"test","icon":"test"}' -H 'Content-Type: application/json' A successful response without authentication indicates the vulnerability is present. [1]

Mitigation Strategies

The immediate and recommended mitigation is to upgrade FlagForge to version 2.3.2 or later, where the vulnerability is fixed by enforcing authentication and admin-only authorization on all badge template endpoints (GET, POST, UPDATE, DELETE). There are no reliable workarounds other than upgrading. Until you upgrade, restrict network access to these endpoints to trusted administrators only, if possible, to reduce exposure. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61777. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart