CVE-2025-24886: pwn.college has Symlink LFI in Dojo repos
Description
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website.
Classification
CVE ID: CVE-2025-24886
CVSS Base Severity: HIGH
CVSS Base Score: 7.7
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products
Vendor: pwncollege
Product: dojo
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.77% (scored less or equal to compared to others)
EPSS Date: 2025-02-28 (when was this score calculated)