
CVE-2025-62376: CWE-287: Improper Authentication in pwncollege dojo

Severity: Critical
Type: Vulnerability
Tags: cve, cve-2025-62376, cwe-287
Published: Tue Oct 14 2025 (10/14/2025, 21:58:27 UTC)
Source: CVE Database V5
Vendor/Project: pwncollege
Product: dojo

Description

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The vulnerability occurs in the view_desktop function where the user is retrieved via a URL parameter without verifying that the requester has administrative privileges. An attacker can supply any user ID and arbitrary password in the request parameters to impersonate another user. When requesting a Windows desktop service, the function does not validate the supplied password before generating access credentials, allowing the attacker to obtain an iframe source URL that grants full access to the target user's Windows VM. This impacts all users with active Windows VMs, as an attacker can access and modify data on the Windows machine and in the home directory of the associated Linux machine via the Z: drive. This issue has been patched in commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef. No known workarounds exist.

AI-Powered Analysis

Last updated: 12/03/2025, 16:37:14 UTC

Technical Analysis

The vulnerability identified as CVE-2025-62376 affects the pwn.college DOJO platform, an educational cybersecurity environment that provides users with Windows virtual machines (VMs) for hands-on learning. Prior to the patch in commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contained an improper authentication flaw categorized under CWE-287. Specifically, the view_desktop function retrieves the user identifier from a URL parameter but does not verify that the requester holds administrative privileges, and for the Windows desktop service it does not validate the supplied password. This allows an attacker to supply arbitrary user IDs and passwords to impersonate any user with an active Windows VM. The function then generates an iframe source URL granting full access to the Windows desktop environment of the targeted user. Because the Windows VM is linked to a Linux home directory accessible via the Z: drive, attackers can also modify files on the Linux side, expanding the scope of potential damage. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L) indicates a network attack vector, low attack complexity, attack requirements present (AT:P), no privileges required, no user interaction, and high confidentiality and integrity impact with low availability impact on both the vulnerable and subsequent systems. Although no known exploits are currently in the wild, the critical nature and ease of exploitation make this a high-risk issue. The patch addresses the problem by enforcing proper authentication checks and password validation before granting access to the Windows VM environment.
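The authorization gap described above can be pinned down as a regression test. The following is an added example, a simplified model and not the DOJO source: the parameter names `user` and `password`, the password store, the URL shape, and the policy (another user's desktop requires an admin requester or that user's password) are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised where a web handler would return HTTP 403."""

@dataclass(frozen=True)
class User:
    id: int
    is_admin: bool = False

# Constructed sample data: per-user desktop passwords (hypothetical store).
DESKTOP_PASSWORDS = {1: "pw-alice-constructed", 2: "pw-bob-constructed"}

def iframe_src(target_id: int) -> str:
    # Hypothetical URL shape; stands in for the generated access credentials.
    return f"/workspace/desktop-windows/{target_id}/"

def target_from_params(requester: User, params: dict) -> int:
    # The target defaults to the requester when no `user` parameter is sent.
    raw = params.get("user")
    if raw is None:
        return requester.id
    try:
        return int(raw)
    except ValueError:
        raise Forbidden("malformed user id") from None

def view_desktop_flawed(requester: User, params: dict) -> str:
    # Pattern from the description: the target comes from the URL, the
    # requester's role is not checked, the password is never compared.
    return iframe_src(target_from_params(requester, params))

def view_desktop_checked(requester: User, params: dict) -> str:
    target_id = target_from_params(requester, params)
    if target_id != requester.id and not requester.is_admin:
        # A non-admin needs the target user's password (constant-time compare).
        expected = DESKTOP_PASSWORDS.get(target_id)
        supplied = params.get("password") or ""
        if expected is None or not hmac.compare_digest(
                supplied.encode(), expected.encode()):
            raise Forbidden("not authorized for this desktop")
    return iframe_src(target_id)

def is_denied(handler, requester: User, params: dict) -> bool:
    # Test helper: True when the handler refuses the request.
    try:
        handler(requester, params)
    except Forbidden:
        return True
    return False
```

Running the same cross-user request through both handlers shows the difference: the flawed one returns a desktop URL for any numeric `user` value, while the checked one refuses unless the requester is the target, an admin, or holds the target's password.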

Potential Impact

For European organizations utilizing pwn.college DOJO, particularly educational institutions and cybersecurity training centers, this vulnerability poses a significant risk of unauthorized access to sensitive virtual environments. Attackers exploiting this flaw can gain full control over Windows VMs, potentially leading to data theft, manipulation, or destruction within the virtual machines and linked Linux home directories. This could compromise the integrity of training exercises, leak sensitive educational or user data, and facilitate lateral movement within the network if the VMs are connected to broader infrastructure. The lack of authentication requirements and remote exploitability increase the likelihood of attacks, especially in environments where DOJO is exposed to the internet or insufficiently segmented. Additionally, the compromise of educational platforms could undermine trust in cybersecurity training programs and expose personal data of students and staff. The critical severity underscores the urgency for affected organizations to apply the patch promptly to avoid potential breaches and operational disruptions.

Mitigation Recommendations

1. Immediately update the pwn.college DOJO platform to the patched version including commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef or later to ensure proper authentication enforcement.
2. Restrict network access to the /workspace endpoint by implementing network segmentation and firewall rules limiting access to trusted users and IP ranges.
3. Monitor access logs for unusual or unauthorized attempts to access Windows VMs, focusing on anomalous URL parameter usage or repeated failed authentication attempts.
4. Employ multi-factor authentication (MFA) for administrative access to the DOJO platform to add an additional security layer beyond password validation.
5. Conduct regular security audits and penetration tests on the DOJO environment to detect any residual or new vulnerabilities.
6. Educate users and administrators about the risks of improper authentication and the importance of applying security patches promptly.
7. If immediate patching is not feasible, consider temporarily disabling the Windows VM feature or restricting its use until the fix can be applied.
8. Implement strict access controls on the underlying Linux systems to limit the impact of any VM compromise via the Z: drive linkage.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-10T14:22:48.205Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68eecaf64a57b2a930bdf0b1

Added to database: 10/14/2025, 10:13:10 PM

Last enriched: 12/3/2025, 4:37:14 PM

Last updated: 12/4/2025, 3:14:25 PM
