Security Advisory

CVE-2025-59827

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-24 20:23:59

Last updated 2025-09-24 20:39:24

Assigner GitHub_M

State PUBLISHED

Description

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative roles. This issue has been patched in version 2.2.0.

← Browse all CVEs View on cve.org ↗