What is CVE-2025-24023?

CVE-2025-24023 is a low-severity vulnerability in Dpgaspar Flask-appbuilder, classified under Observable Response Discrepancy. CVSS score: 3.7/10. Published 2025-03-03.

How severe is CVE-2025-24023?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in Dpgaspar Flask-appbuilder

CVE-2025-24023

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This…

EPSS: 0.005 (66.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Dpgaspar Flask-appbuilder — versions < 4.5.3

Weakness classification (CWE)

CWE-204 — Observable Response Discrepancy

References

https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-p8q5-cvwx-wvwp (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-24023?: CVE-2025-24023 is a low-severity vulnerability in Dpgaspar Flask-appbuilder, classified under Observable Response Discrepancy. CVSS score: 3.7/10. Published 2025-03-03.
How severe is CVE-2025-24023?: Low severity. CVSS v3 base score is 3.7 out of 10.