CVE-2025-55736
Published: Aug 19, 2025
Modified: Aug 19, 2025
PUBLISHED
Description
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, any user can change their own role to "admin" and gain the associated privileges (e.g. deleting users, posts, comments, etc.). The problem is in the routes/adminPanelUsers file.
| Vendor | Product | Versions |
|---|---|---|
| DogukanUrker | FlaskBlog | affected <= 2.8.0 |
References