CVE-2025-24023

Published: 2025-03-03T16:15Z

Last Modified: 2025-03-07T21:44Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt