PT-2025-39700 · Flagforge · Flagforge
At0Mxploit
·
Published
2025-09-27
·
Updated
2025-10-08
·
CVE-2025-59932
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Flag Forge versions 2.0.0 through 2.3.0
Description
The Flag Forge platform contained a security issue where the
/api/resources API endpoint permitted POST and DELETE requests without appropriate authentication or authorization. This allowed unauthorized users to create, modify, or delete resources.Recommendations
Upgrade to version 2.3.1 to address the issue.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flagforge