VYPR
Unrated severityNVD Advisory· Published Sep 27, 2025· Updated Sep 29, 2025

FlagForgeCTF Unauthenticated Resource Modification/Deletion

CVE-2025-59932

Description

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the platform. The issue has been fixed in FlagForge version 2.3.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Flagforgectf/Flagforgellm-fuzzy2 versions
    >=2.0.0, <2.3.1+ 1 more
    • (no CPE)range: >=2.0.0, <2.3.1
    • (no CPE)range: >= 2.0.0, < 2.3.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.