6.5 CVE-2025-55737
Exploit
flaskBlog is a blog app built with Flask. In versions 2.8.0 and earlier, the comment-deletion handler does not validate that the requesting user owns the comment. Any user can delete any other user's comment on any post simply by intercepting the delete request and changing the commentID (an insecure direct object reference, CWE-639). The code that causes the problem is in routes/post.py.
https://nvd.nist.gov/vuln/detail/CVE-2025-55737
Categories
CWE-639
References
| Source | URL | Tags |
|---|---|---|
| security-advisories@github.com | https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6hp9-jv2f-... | Exploit, Third Party Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:dogukanurker:flaskblog:*:*:*:*:*:*:*:* | <= 2.8.0 | |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| https://github.com/DogukanUrker/FlaskBlog/security/advisories/GHSA-6hp9-jv2f-... |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||