CVE-2025-24885 Information

Description

pwn.college is an education platform to learn about and practice core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS.

Reference

https://github.com/pwncollege/dojo/security/advisories/GHSA-8m79-rmhw-rg84