How severe is CVE-2025-55736?

CVE-2025-55736 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-55736

Name: flaskblog
Author: dogukanurker

6.5MEDIUM

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges (e.g. delete users, posts, comments etc.). The problem

Опубликовано: 8/19/2025Обновлено: 8/22/2025

Описание

flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges (e.g. delete users, posts, comments etc.). The problem is in the routes/adminPanelUsers file.

ИИ-АнализНа базе ИИ

Затронутые продукты

dogukanurkerflaskblog

Ссылки

https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6q83-vfmq-wf72
ExploitThird Party Advisory