PT-2025-39348 · Flagforge

Sarthakkc36 · Published 2025-09-24 · Updated 2025-10-25 · CVE-2025-59827

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Flag Forge versions prior to 2.2.0

Description: Flag Forge is a Capture The Flag (CTF) platform. The /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges, such as Staff, to themselves. This can lead to privilege escalation and impersonation of administrative roles.

Recommendations: Versions prior to 2.2.0 should be updated to version 2.2.0 or later.
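As an added illustration, not code from Flag Forge itself, the following sketches the authorization check the advisory says the endpoint lacked: the pre-2.2.0 behaviour (authentication only) beside a hardened version that requires an administrative role and flags grants of privileged badges for audit. Role names, badge names and the request shape are assumed.

```javascript
// Added example (not Flag Forge's code): authorization for an admin-only
// badge-assignment endpoint such as /api/admin/assign-badge.
// Role names, badge names and the request shape are assumed for illustration.
const PRIVILEGED_BADGES = new Set(["Staff", "Admin", "Moderator"]); // assumed names
const BADGE_ASSIGNER_ROLES = new Set(["admin"]);                     // assumed role

// Pre-2.2.0 behaviour as described in the advisory: only authentication is
// checked, so any logged-in user passes and can give themselves a Staff badge.
function authorizeAssignBadgeVulnerable(session) {
  return Boolean(session && session.userId);
}

// Hardened check: authentication (401) and authorization (403) are separate
// decisions, and a request that fails either is rejected outright.
function authorizeAssignBadge(session, { targetUserId, badge }) {
  if (!session || !session.userId) {
    return { allowed: false, status: 401, reason: "not authenticated" };
  }
  if (!BADGE_ASSIGNER_ROLES.has(session.role)) {
    return { allowed: false, status: 403, reason: "caller is not an administrator" };
  }
  if (typeof badge !== "string" || badge.length === 0) {
    return { allowed: false, status: 400, reason: "badge name required" };
  }
  // Privileged badges imply staff capabilities; mark these grants so that an
  // audit log can surface unexpected escalation.
  const audit = PRIVILEGED_BADGES.has(badge);
  return { allowed: true, status: 200, audit, targetUserId, badge };
}

// Framework-agnostic handler shape that applies the check before any grant.
function handleAssignBadge(session, body) {
  const decision = authorizeAssignBadge(session, body);
  if (!decision.allowed) {
    return { status: decision.status, body: { error: decision.reason } };
  }
  // The actual grant (persisting the badge for targetUserId) would happen here.
  return { status: 200, body: { ok: true, audited: decision.audit } };
}
```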

Tags: Exploit · Fix · LPE · RCE · Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-59827
GHSA-7944-XVV7-CV79

Affected Products

Flagforge