Unrated severity · NVD Advisory · Published Aug 19, 2025 · Updated Aug 19, 2025
flaskBlog allows arbitrary privilege escalation
CVE-2025-55736
Description
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change their own role to "admin", gaining the privileges of that role (e.g. deleting users, posts, comments, etc.). The problem is in the routes/adminPanelUsers file.
Affected products
- DogukanUrker/FlaskBlog (v5), Range: <= 2.8.0
Patches
No patches discovered yet.
References
- github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72 (mitre, x_refsource_CONFIRM)