CVE-2025-24885

Summary

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS.

Affected Software

VendorProductVersion RangeStatus
pwncollegedojo<= 613e4fd654b16e5e0888e9205702bde83de91c60affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control
  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References