CVE-2025-55734
CVE-2025-55734 affects flaskBlog (versions ≤ 2.8.0). The root cause is a missing authorization check on admin subroutes: the RBAC check runs only for the /admin page in routes/adminPanel.py, while routes/adminPanelComments.py and routes/adminPanelPosts.py are not protected. This allows unauthoriz...