CVE-2025-55736

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges (e.g. delete users, posts, comments etc.). The problem is in the routes/adminPanelUsers file.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dogukanurker:flaskblog:*:*:*:*:*:*:*:*

History

22 Aug 2025, 20:56

Type	Values Removed	Values Added
References	~~() https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72 -~~	() https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72 - Exploit, Third Party Advisory
CPE		cpe:2.3:a:dogukanurker:flaskblog::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
First Time		Dogukanurker Dogukanurker flaskblog

20 Aug 2025, 14:40

Type	Values Removed	Values Added
Summary		(es) flaskBlog es una aplicación de blog desarrollada con Flask. En la versión 2.8.0 y anteriores, cualquier usuario podía cambiar su rol a "admin", otorgándole privilegios relativos (por ejemplo, eliminar usuarios, publicaciones, comentarios, etc.). El problema está en el archivo route/adminPanelUsers.

19 Aug 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-19 19:15

Updated : 2025-08-22 20:56

NVD link : CVE-2025-55736

Mitre link : CVE-2025-55736

CVE.ORG link : CVE-2025-55736

JSON object : View

Products Affected

dogukanurker

flaskblog

CWE

CWE-425

Direct Request ('Forced Browsing')

CWE-807

Reliance on Untrusted Inputs in a Security Decision

{"id": "CVE-2025-55736", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-19T19:15:37.837", "references": [{"url": "https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-425"}, {"lang": "en", "value": "CWE-807"}]}], "descriptions": [{"lang": "en", "value": "flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to \"admin\", giving its relative privileges (e.g. delete users, posts, comments etc.). The problem is in the routes/adminPanelUsers file."}, {"lang": "es", "value": "flaskBlog es una aplicaci\u00f3n de blog desarrollada con Flask. En la versi\u00f3n 2.8.0 y anteriores, cualquier usuario pod\u00eda cambiar su rol a \"admin\", otorg\u00e1ndole privilegios relativos (por ejemplo, eliminar usuarios, publicaciones, comentarios, etc.). El problema est\u00e1 en el archivo route/adminPanelUsers."}], "lastModified": "2025-08-22T20:56:14.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dogukanurker:flaskblog:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EEEDB77-8F07-4D42-A2BE-34013446D9F8", "versionEndIncluding": "2.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}