CVE-2025-62376
BaseFortify

Publication date: 2025-10-14

Last updated on: 2025-12-03

Assigner: GitHub, Inc.

Description
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The vulnerability occurs in the view_desktop function where the user is retrieved via a URL parameter without verifying that the requester has administrative privileges. An attacker can supply any user ID and arbitrary password in the request parameters to impersonate another user. When requesting a Windows desktop service, the function does not validate the supplied password before generating access credentials, allowing the attacker to obtain an iframe source URL that grants full access to the target user's Windows VM. This impacts all users with active Windows VMs, as an attacker can access and modify data on the Windows machine and in the home directory of the associated Linux machine via the Z: drive. This issue has been patched in commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef. No known workarounds exist.
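
Added example, not pwn.college DOJO's code and not part of the advisory: a simplified Python model of the two missing checks named in the description, next to a version that authorizes the requester before any desktop credentials would be generated. The function names, the VIEW_PASSWORDS table, the password-sharing policy and the assumption that non-Windows services did validate the password are all hypothetical.

```python
import hmac
from dataclasses import dataclass

@dataclass
class User:
    id: int
    is_admin: bool = False

class AccessDenied(Exception):
    """Raised when the requester may not view the target desktop."""

# Constructed sample data: per-user passwords an owner could share for viewing.
VIEW_PASSWORDS = {1: "view-secret-of-user-1", 2: "view-secret-of-user-2"}

def password_ok(target_id, supplied):
    """Constant-time comparison against the target user's view password."""
    expected = VIEW_PASSWORDS.get(target_id)
    if expected is None or not supplied:
        return False
    return hmac.compare_digest(expected.encode(), supplied.encode())

def resolve_target_prepatch(requester, user_param, password_param, service):
    """Simplified model of the flaw in the description (not the project's code)."""
    if user_param is None:
        return requester.id
    # Flaw 1: the target comes from the URL parameter with no admin check.
    # Flaw 2: the Windows branch never validates the supplied password.
    # Assumption: other services did validate it.
    if service != "windows" and not password_ok(user_param, password_param):
        raise AccessDenied("bad view password")
    return user_param

def resolve_target_hardened(requester, user_param, password_param, service):
    """Authorize first, identically for every service, then return the target."""
    if user_param is None or user_param == requester.id:
        return requester.id            # own desktop
    if requester.is_admin:
        return user_param              # administrators may view any desktop
    if password_ok(user_param, password_param):
        return user_param              # owner shared a valid view password
    raise AccessDenied("not authorized for this user's desktop")
```
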
Meta Information
Published: 2025-10-14
Last Modified: 2025-12-03
Generated: 2026-05-07
AI Q&A: 2025-10-15
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: pwncollege
Product: dojo
Version / Range: *
CWE
CWE-287: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in pwn.college DOJO's /workspace endpoint allows an attacker to access any active Windows VM without proper authorization. It occurs because the view_desktop function retrieves the user via a URL parameter without verifying administrative privileges. An attacker can supply any user ID and arbitrary password to impersonate another user. The function does not validate the password before generating access credentials, enabling the attacker to obtain an iframe URL that grants full access to the target user's Windows VM.


How can this vulnerability impact me?

An attacker exploiting this vulnerability can gain unauthorized full access to any active Windows VM on the platform. This means they can access and modify data on the Windows machine and also in the home directory of the associated Linux machine via the Z: drive, potentially leading to data theft, data loss, or unauthorized changes.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been patched in commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef. Immediate steps include updating the pwn.college DOJO platform to this patched version. No known workarounds exist.

