PT-2025-33855 · Flaskblog · Flaskblog
Davidedc97
Published: 2025-08-19 · Updated: 2025-08-19
CVE-2025-55737
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
flaskBlog versions prior to 2.8.0
Description:
flaskBlog is a blog application built with Flask. A flaw exists where comment ownership is not validated during deletion. This allows any user to delete comments belonging to other users on any post by intercepting the delete request and modifying the commentID. The vulnerable code is located in routes/post.py.
Recommendations:
Update flaskBlog to version 2.8.0 or later.
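The following is an added illustration of the class of defect described above, not flaskBlog's own code from routes/post.py: a comment-deletion handler that acts on whatever commentID the request names, beside a hardened version that first checks that the comment belongs to the requesting user. The in-memory store, user names, comment data and function names are constructed for this example.

```python
# Added example (not flaskBlog's code): missing ownership check on comment
# deletion (IDOR) next to the hardened form. All data below is constructed.
from dataclasses import dataclass, field


@dataclass
class Comment:
    comment_id: int
    post_id: int
    author: str   # user name of the comment's owner
    body: str


@dataclass
class CommentStore:
    # Stand-in for the database table; keyed by commentID.
    comments: dict = field(default_factory=dict)

    def add(self, comment: Comment) -> None:
        self.comments[comment.comment_id] = comment


def delete_comment_unchecked(store: CommentStore, current_user: str, comment_id: int) -> int:
    """Vulnerable pattern: the handler trusts the commentID from the request and
    never compares the comment's author with the logged-in user. Any
    authenticated user can remove any comment. Returns an HTTP-style status."""
    if comment_id not in store.comments:
        return 404
    del store.comments[comment_id]
    return 200


def delete_comment_checked(store: CommentStore, current_user: str,
                           comment_id: int, is_moderator: bool = False) -> int:
    """Hardened pattern: look the comment up, then require that it is owned by
    the requesting user (or that the caller holds a server-side moderator role)
    before deleting. current_user must come from the server-side session, not
    from any request field the client controls."""
    comment = store.comments.get(comment_id)
    if comment is None:
        return 404
    if comment.author != current_user and not is_moderator:
        # Ownership mismatch: refuse and leave the comment untouched.
        return 403
    del store.comments[comment_id]
    return 200


def _seed() -> CommentStore:
    store = CommentStore()
    store.add(Comment(1, 10, "alice", "first!"))
    store.add(Comment(2, 10, "bob", "nice post"))
    return store


def demo() -> dict:
    """Replays the scenario from the advisory: 'bob' submits a delete request
    whose commentID was changed to 1, which belongs to 'alice'."""
    vulnerable = _seed()
    unchecked_status = delete_comment_unchecked(vulnerable, "bob", 1)

    hardened = _seed()
    checked_status = delete_comment_checked(hardened, "bob", 1)

    return {
        "unchecked_status": unchecked_status,                # 200: alice's comment is gone
        "unchecked_alice_comment_survives": 1 in vulnerable.comments,
        "checked_status": checked_status,                    # 403: refused
        "checked_alice_comment_survives": 1 in hardened.comments,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a real Flask route the ownership comparison sits between loading the comment row and issuing the delete, and the identity it compares against is the user recorded in the session, never a user field sent in the form or query string. Whether a mismatch returns 403 or a generic 404 (to avoid confirming that a given commentID exists) is a policy choice; what matters is that the delete does not happen.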
Exploit
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Flaskblog