Main Vulnerability Database Vulnerabilities #VU109059

Cryptographic issues in Flask - CVE-2025-47278

Published: May 13, 2025

Vulnerability identifier: #VU109059

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-47278

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: The Pallets Projects

Affected software:
Flask

Detailed vulnerability description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to the way fallback key configuration was handled. The application used the last fallback key for signing, rather than the current signing key, which could potentially lead to data tampering.

How to mitigate CVE-2025-47278

Install updates from vendor's website.

Sources

https://github.com/pallets/flask/security/advisories/GHSA-4grg-w6v8-c28g

Cryptographic issues in Flask - CVE-2025-47278

Detailed vulnerability description

How to mitigate CVE-2025-47278

Sources

Please verify you're human