What is the severity of CVE-2025-24023?

CVE-2025-24023 has a medium severity level due to its potential for username enumeration by unauthenticated users.

How do I fix CVE-2025-24023?

To fix CVE-2025-24023, upgrade Flask-AppBuilder to version 4.5.3 or later.

What is the impact of CVE-2025-24023?

CVE-2025-24023 allows attackers to predict valid usernames by measuring response times during login attempts.

Who is affected by CVE-2025-24023?

CVE-2025-24023 affects all Flask-AppBuilder installations prior to version 4.5.3.

Is CVE-2025-24023 a remote or local vulnerability?

CVE-2025-24023 is a remote vulnerability, as it can be exploited by unauthenticated users over the network.

Vulnerability/
CVE-2025-24023

low

3.7

CWE

204

3/3/2025

CVE-2025-24023: Observable Response Discrepancy in flask-appbuilder

First published: Mon Mar 03 2025(Updated: )

### Impact User enumeration in database authentication in Flask-AppBuilder <= 4.5.3 and werkzeug >= 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. ### Patches Upgrade to flask-appbuilder>=4.5.3 ### Workarounds Downgrade werkzeug to <3.0.0 ### References _Are there any links users can visit to find out more?_

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Flask-AppBuilder	<4.5.3
pip/flask-appbuilder	<4.5.3	4.5.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-24023?
CVE-2025-24023 has a medium severity level due to its potential for username enumeration by unauthenticated users.
How do I fix CVE-2025-24023?
To fix CVE-2025-24023, upgrade Flask-AppBuilder to version 4.5.3 or later.
What is the impact of CVE-2025-24023?
CVE-2025-24023 allows attackers to predict valid usernames by measuring response times during login attempts.
Who is affected by CVE-2025-24023?
CVE-2025-24023 affects all Flask-AppBuilder installations prior to version 4.5.3.
Is CVE-2025-24023 a remote or local vulnerability?
CVE-2025-24023 is a remote vulnerability, as it can be exploited by unauthenticated users over the network.

collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/description
collector/nvd-api
source/NVD
agent/author
agent/source
agent/severity
agent/event
collector/github-advisory-latest
source/GitHub
alias/GHSA-p8q5-cvwx-wvwp
alias/CVE-2025-24023
agent/last-modified-date
agent/references
agent/tags
collector/nvd-cve
vendor/apache
canonical/flask-appbuilder
package-manager/pip

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.