cbcvebase.
CVE-2025-59833
published 2025-09-24

CVE-2025-59833: Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in…

PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.32%
24.0th percentile
Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free, undermining the business logic of the platform and reducing the integrity of the challenge system. This issue has been patched in version 2.3.0.

Affected

2 ranges
VendorProductVersion rangeFixed in
flagforgeflagforge>= 2.1.0 < 2.32.3
flagforgectfflagforge
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.