How severe is CVE-2025-2304?

The severity of CVE-2025-2304 has not been assessed with CVSS v3.

CVE-2025-2304

NONE

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems

Published: 3/14/2025Updated: 3/14/2025

Description

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

AI AnalysisPowered by AI

References

https://github.com/owen2345/camaleon-cms
https://www.tenable.com/security/research/tra-2025-09