Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-24023


Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.


Published

2025-03-03T16:15:41.820

Last Modified

2025-03-07T21:44:56.620

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

Weaknesses
  • Type: Primary
    CWE-204
  • Type: Secondary
    CWE-203

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application dpgaspar flask-appbuilder < 4.5.3 Yes

References