Back to search
CVE-2025-55737
Published: Aug 19, 2025
Modified: Aug 19, 2025
PUBLISHED
Description
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code that causes the problem is in routes/post.py.
| Vendor | Product | Versions |
|---|---|---|
DogukanUrker | FlaskBlog | affected <= 2.8.0 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now