Unrated severityNVD Advisory· Published Sep 24, 2025· Updated Sep 24, 2025
FlagForgeCTF is Missing Authorization in main-v2
CVE-2025-59827
Description
Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative roles. This issue has been patched in version 2.2.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.1.0+ 1 more
- (no CPE)range: <=2.1.0
- (no CPE)range: = 2.1.0
Patches
Vulnerability mechanics
References
1- github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-7944-xvv7-cv79mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.