CVE-2025-24885

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions pwn.college (affected versions not specified)

Description The issue is related to a lack of access control when generating custom Dojo pages without privileges, allowing users to create stored XSS. This affects the pwn.college platform, which is an education platform for learning and practicing core cybersecurity concepts in a hands-on manner.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-79

Related Identifiers

CVE-2025-24885

GHSA-8M79-RMHW-RG84

Affected Products

Pwn.College

CVE-2025-24885

Weakness Enumeration

Related Identifiers

Affected Products

References · 6