Home > Vulnerability Database > CVE-2025-24023

Mend.io Vulnerability Database

CVE-2025-24023

Good to know:

Date: March 3, 2025

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.

Severity Score

3.7

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24023

Url: https://github.com/dpgaspar/Flask-AppBuilder

Url: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp

Url: https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2025-15.yaml

Url: https://www.mend.io/vulnerability-database/CVE-2025-24023

Severity Score

3.7

Weakness Type (CWE)

Observable Response Discrepancy

CWE-204

Top Fix

Upgrade Version

Upgrade to version flask-appbuilder - 4.5.3

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24023

Good to know:

Date: March 3, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?