Medium severity6.5NVD Advisory· Published Aug 19, 2025· Updated Jun 17, 2026
CVE-2025-55737
CVE-2025-55737
Description
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code that causes the problem is in routes/post.py.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.8.0
Patches
Vulnerability mechanics
References
1- github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6hp9-jv2f-88wrnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.