PT-2025-39348 · Flagforge · Flagforge

Sarthakkc36

·

Publicado

2025-09-24

·

Atualizado

2025-10-25

·

CVE-2025-59827

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Flag Forge versions prior to 2.2.0
Description Flag Forge is a Capture The Flag (CTF) platform. The /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges, such as Staff, to themselves. This can lead to privilege escalation and impersonation of administrative roles.
Recommendations Versions prior to 2.2.0 should be updated to version 2.2.0 or later.

Exploit

Correção

LPE

RCE

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2025-59827
GHSA-7944-XVV7-CV79

Produtos afetados

Flagforge