Information Disclosure in Flag Forge CTF Platform
CVE-2025-59833

7.5HIGH

Key Information:

Vendor: Flagforgectf
Status: Flagforge
Vendor: CVE Published:; 24 September 2025

🔔 Create Flagforgectf Vulnerability Alert

What is CVE-2025-59833?

Flag Forge, a popular Capture The Flag (CTF) platform, suffers from a significant vulnerability that allows users to access challenge hints through the API endpoint GET /api/problems/:id. This security flaw exists in versions from 2.1.0 to prior to 2.3.0, where hints are returned in plaintext, exposing sensitive information irrespective of a user's progress or point deductions. This compromises the integrity of the challenge system and undermines the platform's business logic. The vulnerability has been resolved in version 2.3.0, making it essential for users to upgrade to the latest version to ensure their environments remain secure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

flagForge >= 2.1.0, < 2.3.0

References

https://github.com/FlagForgeCTF/flagForge/security/adviso...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 24, 2025
Vulnerability Reserved
Sep 22, 2025

JSON

Flagforgectf

What is CVE-2025-59833?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.