CVE-2025-24886
CVSS 3.1 Score 7.7 of 10 (high)
Details
Published Jan 30, 2025
CWE ID 61
CWE ID 200
Summary
CVE-2025-24886 is a vulnerability affecting the pwn.college education platform. This issue enables users, including non-administrators, to perform a Local File Inclusion (LFI) attack. By crafting a repository with malicious symlinks, a user can trick the CTFd container into accessing sensitive files. The platform fails to adequately check user-specified dojos for incorrect symlinks during repository cloning or updates, leading to potential data exposure.
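An added example, not pwn.college's code or its fix: a check that walks a cloned repository and reports every symlink that resolves outside the checkout, which is the condition the summary says was not verified. The function names and the sample directory layout are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(repo_root):
    """Return sorted repo-relative paths of symlinks that resolve outside repo_root."""
    root = Path(repo_root).resolve()
    escaping = []
    # followlinks=False: linked directories are listed but never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            try:
                # Follows the whole chain; strict=False tolerates dangling links.
                target = path.resolve(strict=False)
            except (OSError, RuntimeError):
                target = None  # loop or unreadable link: treat as unsafe
            if target is None or (target != root and root not in target.parents):
                escaping.append(path.relative_to(root).as_posix())
    return sorted(escaping)


def build_sample_repo(base):
    """Constructed sample checkout (hypothetical layout) with safe and unsafe links."""
    repo = Path(base) / "dojo"
    (repo / "challenge").mkdir(parents=True)
    (repo / "challenge" / "README.md").write_text("hello\n")
    outside = Path(base) / "outside.txt"  # stands in for a file outside the checkout
    outside.write_text("not part of the repository\n")
    os.symlink("README.md", repo / "challenge" / "ok_link")             # stays inside
    os.symlink("../../outside.txt", repo / "challenge" / "rel_escape")  # relative escape
    os.symlink(str(outside), repo / "abs_escape")                       # absolute escape
    os.symlink("challenge/rel_escape", repo / "chained")                # link to a link
    return repo


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link in find_escaping_symlinks(build_sample_repo(tmp)):
            print("reject:", link)
```

The check has to run after every clone and every update, before any other process reads the checkout, and the checkout must not be writable by the submitting user afterwards.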