PT-2025-42209 · Microsoft+1 · Windows+1
Published 2025-10-14 · Updated 2025-10-15
CVE-2025-62376
CVSS v4.0: 9.5 Critical
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
Name of the Vulnerable Software and Affected Versions
pwn.college DOJO versions prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef
Description
The /workspace endpoint in pwn.college DOJO has an improper authentication issue. An attacker can access any active Windows VM without authorization. The issue is present in the view desktop function, which retrieves a user via a URL parameter without verifying administrative privileges. An attacker can supply any user ID and password in the request parameters to impersonate another user. The function does not validate the supplied password before generating access credentials, allowing an attacker to obtain an iframe source URL that grants full access to the target user's Windows VM. This impacts all users with active Windows VMs, allowing attackers to access and modify data on the Windows machine and in the home directory of the associated Linux machine via the Z: drive. The vulnerable API endpoint is '/workspace'. The vulnerable parameters are user ID and password.
Recommendations
Update pwn.college DOJO to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef or a later version.
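For reviewers checking similar endpoints, the following added example (not code from pwn.college DOJO or from the fixing commit) models the authorization decision the Description says was missing: who may resolve another user's desktop from request parameters. All names (User, Forbidden, resolve_target_unchecked, resolve_target_checked, desktop_password) are hypothetical, and the policy that admins may view any desktop while other callers must present the target's password is an assumption.

```python
# Added illustration with hypothetical names; not pwn.college DOJO code.
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    is_admin: bool
    desktop_password: str  # constructed stand-in for a desktop credential


class Forbidden(Exception):
    """The caller may not view the requested desktop."""


def resolve_target_unchecked(session_user, users, user_param, password_param):
    # Pattern from the Description: the target comes straight from a request
    # parameter; no privilege check, and password_param is never validated.
    target = users[int(user_param)] if user_param is not None else session_user
    return target.id


def resolve_target_checked(session_user, users, user_param, password_param):
    if user_param is None:
        return session_user.id  # default: the caller's own desktop
    try:
        target = users[int(user_param)]
    except (ValueError, KeyError):
        raise Forbidden("unknown user") from None
    if target.id == session_user.id or session_user.is_admin:
        return target.id
    # Assumed policy: a non-admin must present the target's password, which is
    # compared in constant time before any access credential is generated.
    if password_param is not None and hmac.compare_digest(
            password_param.encode(), target.desktop_password.encode()):
        return target.id
    raise Forbidden("not authorized for this desktop")


if __name__ == "__main__":
    # Constructed sample users.
    users = {u.id: u for u in (User(1, False, "a-secret"), User(2, False, "b-secret"))}
    print(resolve_target_unchecked(users[1], users, "2", "wrong"))
    try:
        resolve_target_checked(users[1], users, "2", "wrong")
    except Forbidden as exc:
        print("denied:", exc)
```

The decision has to run before the iframe source URL or any other access credential is produced, so that a denied request returns nothing usable.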
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Dojo
Windows