Overthewire Natas 25 Level is based on strcmp() function vulnerability. Generally, strcmp() is used to compare two strings together, We need to generate some kind of error here so we can obtain the password for the next level.
The code for the level is here:
So, I tried a lot of ways to generate error here. But the passwd= in the request is where you would get error, The reason why it gave the error is because the input that we will be providing is array, but the strcmp() always compares two strings and hence we got the password for the next level.