Access Control Issue in Flag Forge CTF Platform
CVE-2025-59827

8.2 HIGH

Key Information:

Status:
Vendor:
CVE Published: 24 September 2025

What is CVE-2025-59827?

Flag Forge, a popular Capture The Flag (CTF) platform, contains an access control vulnerability in version 2.1.0 that affects the /api/admin/assign-badge endpoint. This weakness allows any authenticated user to assign themselves high-privilege badges, such as Staff, without proper authorization. This could lead to privilege escalation and potentially allow users to impersonate administrative roles, compromising the integrity and security of the platform. This vulnerability has been addressed in version 2.2.0.
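As an added illustration that is not Flag Forge's own code, the following models an assign-badge handler in two forms: one that only checks that the caller is logged in (the class of defect described above) and a hardened one that enforces the caller's server-side role before granting a badge. The user store, role names and badge list are assumed for the example.

```javascript
// Added example, not Flag Forge's code: a minimal model of an
// /api/admin/assign-badge handler, showing the missing check and its fix.
// User names, roles and the badge list are assumed for illustration.
const KNOWN_BADGES = new Set(["Staff", "FirstBlood"]);

// Constructed sample user store; a fresh copy is made per call so the
// two handlers can be compared on identical input.
function makeStore() {
  return {
    alice: { role: "player", badges: [] },
    root: { role: "admin", badges: ["Staff"] },
  };
}

function authenticated(session) {
  return Boolean(session && session.user);
}

// Vulnerable form: being logged in is treated as sufficient, so any
// authenticated user can grant any badge, including Staff to themselves.
function assignBadgeVulnerable(store, session, target, badge) {
  if (!authenticated(session)) return { status: 401 };
  if (!(target in store)) return { status: 404 };
  store[target].badges.push(badge);
  return { status: 200 };
}

// Hardened form: the caller's role is read from server-side state (never
// from the request), an allow-list bounds the badge value, and refusals are
// logged so repeated attempts stand out in monitoring.
function assignBadgeFixed(store, session, target, badge) {
  if (!authenticated(session)) return { status: 401 };
  const caller = store[session.user];
  if (!caller || caller.role !== "admin") {
    console.warn(`denied: ${session.user} tried to give ${badge} to ${target}`);
    return { status: 403 };
  }
  if (!KNOWN_BADGES.has(badge)) return { status: 400 };
  if (!(target in store)) return { status: 404 };
  if (!store[target].badges.includes(badge)) store[target].badges.push(badge);
  return { status: 200 };
}
```

The 403 path is the one a detection rule would watch: a non-admin account hitting an admin endpoint should be rare enough that any cluster of denials merits a look.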

Affected Version(s)

flagForge = 2.1.0

References

CVSS V3.0

Score: 8.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
