CVE-2025-55736

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges (e.g. delete users, posts, comments etc.). The problem is in the routes/adminPanelUsers file.

Published: Aug 19, 2025
Updated: Aug 20, 2025
CVE: CVE-2025-55736
Exploit:

No technical information available.

CWEs:

CWE-425
CWE-807

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

No affected software listed.

https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72

Vulnerability Database

CVE-2025-55736