Security Advisory

CVE-2025-24886

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-30 22:40:10
Last updated 2025-01-31 16:06:07
Assigner GitHub_M
State PUBLISHED

Description

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website.