High severity7.6NVD Advisory· Published Jan 30, 2025· Updated Apr 15, 2026

CVE-2025-24885

Description

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/pwncollege/dojo/security/advisories/GHSA-8m79-rmhw-rg84nvd

News mentions

No linked articles in our index yet.

cvss	0.494
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000