VYPR
NVD Advisory, unrated severity. Published Sep 24, 2025. Updated Sep 24, 2025.

FlagForgeCTF Hint Exposure via API

CVE-2025-59833

Description

Flag Forge is a Capture The Flag (CTF) platform. In versions 2.1.0 and later, before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext inside the returned question object, regardless of whether the requesting user has unlocked them through the point deduction the platform is supposed to charge. Any user can therefore read every hint for free, undermining the platform's business logic and the integrity of the challenge scoring. This issue has been patched in version 2.3.0.
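The flaw and its fix, as an added example that is not Flag Forge's own code: a minimal builder for the GET /api/problems/:id response, with the always-return-hints shape beside one that only serializes hint text the requesting user has unlocked. The problem and unlock data, the field names, and the `countExposedHints` helper are assumptions.

```javascript
// Constructed sample data (not from the project): one challenge with two
// purchasable hints, and per-user unlock state keyed by user then problem.
const problems = {
  "42": {
    id: "42",
    title: "Baby Reverse",
    points: 100,
    hints: [
      { index: 0, cost: 10, text: "Look at the strings table." },
      { index: 1, cost: 25, text: "The key is XORed with a constant." },
    ],
  },
};
const unlocks = { alice: { "42": new Set([0]) } }; // alice paid for hint 0 only

// Vulnerable shape (as described for 2.1.0 <= v < 2.3.0): the stored problem
// object is serialized as-is, so every hint's text reaches every caller.
function buildProblemResponseVulnerable(problemId) {
  const p = problems[problemId];
  if (!p) return null;
  return { ...p };
}

// Hardened shape: authorization is applied per hint at serialization time.
// Locked hints keep only index and cost so the client can offer to unlock them.
function buildProblemResponse(problemId, userId) {
  const p = problems[problemId];
  if (!p) return null;
  const unlocked = (unlocks[userId] && unlocks[userId][problemId]) || new Set();
  return {
    id: p.id,
    title: p.title,
    points: p.points,
    hints: p.hints.map((h) =>
      unlocked.has(h.index)
        ? { index: h.index, cost: h.cost, unlocked: true, text: h.text }
        : { index: h.index, cost: h.cost, unlocked: false }
    ),
  };
}

// Regression check a defender can keep in the test suite: how many hint
// bodies does a given response expose? Must equal the caller's unlock count.
function countExposedHints(response) {
  if (!response) return 0;
  return response.hints.filter((h) => typeof h.text === "string").length;
}
```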


Affected products

  • Flagforgectf/Flagforge, 2 version ranges listed:
    • (no CPE) range: >=2.1.0 <2.3.0
    • (no CPE) range: >= 2.1.0, < 2.3.0
