Skip to main content

CVE-2026-25117

Improper Input Validation (CWE-20)
2026-01-29 security-advisories@github.com

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 29, 2026 - 22:15 nvd
N/A

DescriptionCVE.org

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/* routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http[:]//dojo[.]website. This is a sandbox escape leading to arbitrary javascript execution as the dojo's origin. A challenge author can craft a page that executes any dangerous actions that the user could. Version e33da14449a5abcff507e554f66e2141d6683b0a patches the issue.

AnalysisAI

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/* routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http[:]//dojo[.]website.

Technical ContextAI

Classified as CWE-20 (Improper Input Validation). pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/* routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http[:]//dojo[.]website. This is a sandbox escape leading to arbitrary javascript execution as the dojo's origin. A challenge author can craft a page that executes any dangerous actions that the user could. Version e33da14449a5abcff507e5

Affected ProductsAI

pwn.college DOJO is an education platform for learning cybersecurity

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-25117 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy