
Jun 3, 2025
May 2025 Content & Platform Update
Welcome to the OffSec May 2025 content update! Find the full scoop inside.
This month, we’re putting more power in your hands—from getting discovered by employers to sharpening your skills with new labs and content across the platform.
Scroll down to see what’s new.
We’re getting ready to launch OffSec Talent Finder,
Where you can build a profile that highlights your certifications, hands-on skills, and deep security knowledge.
Think LinkedIn for Cyber, but powered by OffSec’s unmatched ability to indisputably validate your technical expertise.
Starting today, you can opt in to have your profile showcased to potential employers, so they can find you, and you can find your next opportunity.
- CVE-2025-23211-Tandoor-SSTI
- CVE-2024-12065
- CVE-2025-29927
- CVE-2024-56331-Uptime-Kuma-LFI
- CVE-2024-56363-APTRS_SSTI
- CVE-2024-46986-CamaleonCMS-Command_Execution
- CVE-2024-11170 – librechat
- CVE-2024-11958
- CVE-2024-2928
- Digital Forensics
- Writing yara rules to detect and block malware
- Using DD to create forensics images
- Analyzing TCP traffic of a reverse shell with wireshark
- Intro to Cloud Forensics
- Challenge Lab 3
- Challenge Lab 7
- Challenge Lab 9
- Challenge Lab 10
- Challenge Lab 8
Duration: 360mins
This module completes the LLM Red Teaming Learning Path. On at least 80% completion of labs on each Learning Module you will earn a badge.
Duration: 120mins
Duration: 120mins
Duration: 100mins
Duration: 60mins
Duration: 480mins
There’s plenty to dive into—stay tuned for more Talent Finder features and even more content next month.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read