Description

Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue to access protected endpoints, such as /api/profile, even after logging out. CSRF tokens are also still valid post-logout, which can allow unauthorized actions. This issue has been patched in version 2.3.1.

INFO

Published Date :

2025-09-25T15:15:45.438Z

Last Modified :

2025-09-29T15:48:10.233Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59841 vulnerability.

Vendors Products
Flagforge
  • Flagforge
Flagforgectf
  • Flagforge
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59841.

URL Resource
https://github.com/FlagForgeCTF/flagForge/commit/304b6c82a4f76871b336404b91e5cdd8a7d7d5bd cve-icon cve-icon
https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-h6pr-4cwv-6cjg cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact