CVE-2025-55737
CVE-2025-55737 affects flaskBlog versions prior to 2.8.0. The root cause is missing ownership validation when deleting comments, enabling any user to delete another user’s comment by intercepting the delete request and altering the commentID in routes/post.py. Documents consistently describe the ...