Main Vulnerability Database Vulnerabilities #VU109059

#VU109059 Cryptographic issues in Flask - CVE-2025-47278

Published: May 13, 2025

Vulnerability identifier: #VU109059

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-47278

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Flask

Software vendor:
The Pallets Projects

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to the way fallback key configuration was handled. The application used the last fallback key for signing, rather than the current signing key, which could potentially lead to data tampering.

Remediation

Install updates from vendor's website.

External links

https://github.com/pallets/flask/security/advisories/GHSA-4grg-w6v8-c28g