
May 12, 2025
April 2025 Content & Platform Update
Welcome to the OffSec April 2025 content update! Find the full scoop inside.
April brought a wave of fresh updates to the OffSec Learning Library: updates designed to keep your skills sharp, relevant, and aligned with what’s happening in the field.
Whether you’re pushing toward a certification or leveling up in a specific domain, this month’s content helps you keep the momentum going.
Take a look at what’s new:
Offensive Cyber Range
- OpenVaulted
- Mongoose (CVE-2024-53900)
- Kaya (CVE-2025-1302)
- Church-CRM (CVE-2025-1134)
- CVE-2025-21624-ClipBucket-V5
- Jpath (CVE-2024-21534)
- CVE-2024-57727
- CVE-2024-12029
- CVE-2024-12215-Kedro-RCE
- CVE-2024-13059-AnythingLLM-RCE
- erlang-otp (CVE-2025-32433)
- CVE-2024-37014
Proving Grounds
Defensive Cyber Range
- Digital Forensics
- Introduction to Yara
- Volatility Memory Forensics
- Intro to FTK
- Using FTK Imager to create a disk image for forensic analysis
- Lab Velociraptor Task1
- Lab Velociraptor Task2
- Uncorrupting a PNG file
- Restoring a corrupted PDF file
- Lab Deep Dive Office
- Intro to ext4 filesystems
- Lab Foremost
- Intro to DD
SOC-200
- Challenge Lab 5 (Update)
- Challenge Lab 11 (Update)
- Challenge Lab 6 (Update)
PEN-300
Challenge Lab 8
WEB-300 Challenge Labs
- Notebook Application
PEN-300
Attacking Active Directory Certificate Services
- Duration: 120mins
- Job Role: Network Penetration Tester
DEFEND
- Duration: 180mins
- Job Role: Digital Forensics Analysts
- Note: This module completes the Digital Forensics Foundations Learning Path.
IR-200: Phases of Incident Response
IR-200: Incident Response Overview
Stay tuned for more big updates coming to the platform!
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro
An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access.
Jun 5, 2025
2 min read

Insights
OffSec’s Take on the Global Generative AI Adoption Index
Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS.
May 30, 2025
3 min read

Research & Tutorials
CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters
A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint.
May 29, 2025
2 min read