CVE-2025-24886

Summary

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website.

Affected Software

VendorProductVersion RangeStatus
pwncollegedojo<= 613e4fd654b16e5e0888e9205702bde83de91c60affected

Weaknesses

  • CWE-61: CWE-61: UNIX Symbolic Link (Symlink) Following
  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References