CVE-2025-24886

Name of the Vulnerable Software and Affected Versions pwn.college (affected versions not specified)

Description The issue is related to incorrect symlink checks on user-specified dojos, allowing users to perform a Local File Inclusion (LFI) from the CTFd container without requiring admin privileges. When a user clones or updates repositories, a check is performed to see if the repository contains any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.