Pwncollege Dojo vulnerabilities
4 known vulnerabilities affecting pwncollege/dojo.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3
Vulnerabilities
CVE-2025-62376 | P2 | CRITICAL | CVSS 9.5 | CWE-287 | fixed in 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef | 2025-10-14
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The vulnerability occurs in the view_desktop function where t
nvd
CVE-2026-25117 | P3 | HIGH | CVSS 8.3 | CWE-20 | fixed in e33da14449a5abcff507e554f66e2141d6683b0a | 2026-01-29
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary JavaScript which runs on the same origin as `http[:]//dojo[.]website`. This is a sandbox escape leading to arbitrary JavaScript execution
nvd
CVE-2025-24886 | P3 | HIGH | CVSS 7.7 | CWE-61 | ≤ 613e4fd654b16e5e0888e9205702bde83de91c60 | 2025-01-30
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user-specified dojos allow users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any
nvd
CVE-2025-24885 | P3 | HIGH | CVSS 7.6 | CWE-79 | ≤ 613e4fd654b16e5e0888e9205702bde83de91c60 | 2025-01-30
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages allows users to create stored XSS.
nvd