Unrated severityNVD Advisory· Published Sep 27, 2025· Updated Sep 29, 2025
FlagForgeCTF Unauthenticated Resource Modification/Deletion
CVE-2025-59932
Description
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
Affected products
1- Range: >= 2.0.0, < 2.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqwmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.