
We found results for “”
CVE-2025-55737
Good to know:

Date: August 19, 2025
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code that causes the problem is in routes/post.py.
Severity Score
Severity Score
Weakness Type (CWE)
Authorization Bypass Through User-Controlled Key
CWE-639Top Fix

Upgrade Version
Upgrade to version https://github.com/DogukanUrker/flaskBlog.git - null
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | LOW |