Information Disclosure in Flag Forge CTF Platform
CVE-2025-59833

7.5HIGH

Key Information:

Vendor: Flagforgectf
Status: Flagforge
Vendor: CVE Published:; 24 September 2025

🔔 Create Flagforgectf Vulnerability Alert

What is CVE-2025-59833?

Flag Forge, a popular Capture The Flag (CTF) platform, suffers from a significant vulnerability that allows users to access challenge hints through the API endpoint GET /api/problems/:id. This security flaw exists in versions from 2.1.0 to prior to 2.3.0, where hints are returned in plaintext, exposing sensitive information irrespective of a user's progress or point deductions. This compromises the integrity of the challenge system and undermines the platform's business logic. The vulnerability has been resolved in version 2.3.0, making it essential for users to upgrade to the latest version to ensure their environments remain secure.

Affected Version(s)

flagForge >= 2.1.0, < 2.3.0

References

https://github.com/FlagForgeCTF/flagForge/security/adviso...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2025
Vulnerability Reserved
Sep 22, 2025

JSON