Unauthorized Resource Management in Flag Forge Capture The Flag Platform
CVE-2025-59932

8.6HIGH

Key Information:

Vendor: Flagforgectf
Status: Flagforge
Vendor: CVE Published:; 27 September 2025

🔔 Create Flagforgectf Vulnerability Alert

What is CVE-2025-59932?

Flag Forge, a popular Capture The Flag (CTF) platform, is susceptible to an improper authentication vulnerability that affects versions from 2.0.0 up to, but not including, 2.3.1. The vulnerability is located at the /api/resources endpoint, which previously allowed POST and DELETE requests without adequate authentication or authorization measures in place. This oversight exposes the platform to unauthorized users, potentially enabling them to create, modify, or delete critical resources at will. Users are strongly advised to upgrade to version 2.3.1 where this issue has been addressed to ensure the security and integrity of their resources.

Affected Version(s)

flagForge >= 2.0.0, < 2.3.1

References

https://github.com/FlagForgeCTF/flagForge/security/adviso...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2025
Vulnerability Reserved
Sep 23, 2025

JSON