How severe is CVE-2025-2304?

The severity of CVE-2025-2304 has not been assessed with CVSS v3.

CVE-2025-2304

NONE

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems

Publicado: 3/14/2025Actualizado: 3/14/2025

Descripción

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

Análisis IAImpulsado por IA

Referencias

https://github.com/owen2345/camaleon-cms
https://www.tenable.com/security/research/tra-2025-09