
May 12, 2025
April 2025 Content & Platform Update
Welcome to the OffSec April 2025 content update! Find the full scoop inside.
April brought a wave of fresh updates to the OffSec Learning Library: updates designed to keep your skills sharp, relevant, and aligned with what’s happening in the field.
Whether you’re pushing toward a certification or leveling up in a specific domain, this month’s content helps you keep the momentum going.
Take a look at what’s new:
Offensive Cyber Range
- OpenVaulted
- Mongoose (CVE-2024-53900)
- Kaya (CVE-2025-1302)
- Church-CRM (CVE-2025-1134)
- CVE-2025-21624-ClipBucket-V5
- Jpath (CVE-2024-21534)
- CVE-2024-57727
- CVE-2024-12029
- CVE-2024-12215-Kedro-RCE
- CVE-2024-13059-AnythingLLM-RCE
- erlang-otp (CVE-2025-32433)
- CVE-2024-37014
Proving Grounds
Defensive Cyber Range
- Digital Forensics
- Introduction to Yara
- Volatility Memory Forensics
- Intro to FTK
- Using FTK Imager to create a disk image for forensic analysis
- Lab Velociraptor Task1
- Lab Velociraptor Task2
- Uncorrupting a PNG file
- Restoring a corrupted PDF file
- Lab Deep Dive Office
- Intro to ext4 filesystems
- Lab Foremost
- Intro to DD
SOC-200
- Challenge Lab 5 (Update)
- Challenge Lab 11 (Update)
- Challenge Lab 6 (Update)
PEN-300
Challenge Lab 8
WEB-300 Challenge Labs
- Notebook Application
PEN-300
Attacking Active Directory Certificate Services
- Duration: 120mins
- Job Role: Network Penetration Tester
DEFEND
- Duration: 180mins
- Job Role: Digital Forensics Analysts
- Note: This module completes the Digital Forensics Foundations Learning Path.
IR-200: Phases of Incident Response
IR-200: Incident Response Overview
Stay tuned for more big updates coming to the platform!
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read