Description

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website.

INFO

Published Date :

2025-01-30T22:40:10.799Z

Last Modified :

2025-01-31T16:06:07.620Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-24886 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24886.

URL Resource
https://github.com/pwncollege/dojo/security/advisories/GHSA-fcq8-jqq5-9xmh cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact