Unrated severityNVD Advisory· Published Sep 27, 2025· Updated Sep 29, 2025
FlagForgeCTF Unauthenticated Resource Modification/Deletion
CVE-2025-59932
Description
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=2.0.0, <2.3.1+ 1 more
- (no CPE)range: >=2.0.0, <2.3.1
- (no CPE)range: >= 2.0.0, < 2.3.1
Patches
Vulnerability mechanics
References
1- github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-v8rh-25rf-gfqwmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.