Vulnerability in Pallets Flask

CVE-2025-47278

Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing…
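As an added illustration (not Flask's or itsdangerous' code), the following Python models the key-list rule the session cookie signer relies on: every listed key verifies, only the last key signs. With the current key placed first and the fallbacks after it, as the description above says 3.1.0 did, the last fallback ends up signing; the `signed_with_current_key` check lets an operator confirm which ordering an instance behaves like. Key values are constructed samples, and the two list shapes are assumptions modelled on the advisory text.

```python
import hashlib
import hmac
from typing import Callable, Optional

# Constructed sample keys (not real secrets).
SECRET_KEY = b"current-key-2025"
FALLBACKS = [b"retired-key-2023", b"retired-key-2024"]


def sign(keys: list, payload: bytes) -> bytes:
    """Model of the key-list rule: only the LAST key in the list signs."""
    mac = hmac.new(keys[-1], payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + mac


def signing_key_index(keys: list, token: bytes) -> Optional[int]:
    """Every listed key is accepted for verification; report which one matched."""
    payload, sep, mac = token.rpartition(b".")
    if not sep:
        return None
    for i, key in enumerate(keys):
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
        if hmac.compare_digest(expected, mac):
            return i
    return None


def verify(keys: list, token: bytes) -> Optional[bytes]:
    """Return the payload if any listed key verifies the token, else None."""
    idx = signing_key_index(keys, token)
    return token.rpartition(b".")[0] if idx is not None else None


def affected_key_order(secret_key: bytes, fallbacks: list) -> list:
    """Assumed 3.1.0 shape from the advisory text: current key first, fallbacks
    after it, so the last fallback sits in the signing slot."""
    return [secret_key, *fallbacks]


def fixed_key_order(secret_key: bytes, fallbacks: list) -> list:
    """Intended shape: fallbacks first, current key last, so the current key signs."""
    return [*fallbacks, secret_key]


def signed_with_current_key(secret_key: bytes, fallbacks: list,
                            order: Callable[[bytes, list], list]) -> bool:
    """Operator check: issue a token under `order` and report whether the
    current key, not a retired fallback, produced its signature."""
    keys = order(secret_key, fallbacks)
    idx = signing_key_index(keys, sign(keys, b"session-payload"))
    return idx is not None and keys[idx] == secret_key
```

Because both orderings verify each other's tokens, the mismatch only shows when you ask which key produced the signature, which is what the check does.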

EPSS: 0.001 (28.2th percentile).

Frequently asked questions

What is CVE-2025-47278?
CVE-2025-47278 is a vulnerability in Pallets Flask, classified under CWE-683. Published 2025-05-13.
Is CVE-2025-47278 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.