
Jun 3, 2025
May 2025 Content & Platform Update
Welcome to the OffSec May 2025 content update! Find the full scoop inside.
This month, we’re putting more power in your hands—from getting discovered by employers to sharpening your skills with new labs and content across the platform.
Scroll down to see what’s new.
We’re getting ready to launch OffSec Talent Finder,
Where you can build a profile that highlights your certifications, hands-on skills, and deep security knowledge.
Think LinkedIn for Cyber, but powered by OffSec’s unmatched ability to indisputably validate your technical expertise.
Starting today, you can opt in to have your profile showcased to potential employers, so they can find you, and you can find your next opportunity.
- CVE-2025-23211-Tandoor-SSTI
- CVE-2024-12065
- CVE-2025-29927
- CVE-2024-56331-Uptime-Kuma-LFI
- CVE-2024-56363-APTRS_SSTI
- CVE-2024-46986-CamaleonCMS-Command_Execution
- CVE-2024-11170 – librechat
- CVE-2024-11958
- CVE-2024-2928
- Digital Forensics
- Writing yara rules to detect and block malware
- Using DD to create forensics images
- Analyzing TCP traffic of a reverse shell with wireshark
- Intro to Cloud Forensics
- Challenge Lab 3
- Challenge Lab 7
- Challenge Lab 9
- Challenge Lab 10
- Challenge Lab 8
Duration: 360mins
This module completes the LLM Red Teaming Learning Path. On at least 80% completion of labs on each Learning Module you will earn a badge.
Duration: 120mins
Duration: 120mins
Duration: 100mins
Duration: 60mins
Duration: 480mins
There’s plenty to dive into—stay tuned for more Talent Finder features and even more content next month.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2025-24893 – Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro
An RCE vulnerability in XWiki was found allowing unauthenticated attackers to execute arbitrary Groovy code remotely without authentication or prior access.
Jun 5, 2025
2 min read

Insights
OffSec’s Take on the Global Generative AI Adoption Index
Discover OffSec’s take on the latest Global Generative AI Adoption Index report released by AWS.
May 30, 2025
3 min read

Research & Tutorials
CVE-2025-0655 – Remote Code Execution in D-Tale via Unprotected Custom Filters
A critical remote code execution (RCE) vulnerability in the D-Tale data visualization tool was identified which allowed attackers to execute arbitrary system exams, abusing an exposed API endpoint.
May 29, 2025
2 min read