How severe is CVE-2025-2304?

The severity of CVE-2025-2304 has not been assessed with CVSS v3.

CVE-2025-2304

NONE

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems

게시됨: 3/14/2025업데이트됨: 3/14/2025

설명

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

AI 분석AI 기반

참조

https://github.com/owen2345/camaleon-cms
https://www.tenable.com/security/research/tra-2025-09