How severe is CVE-2025-2304?

The severity of CVE-2025-2304 has not been assessed with CVSS v3.

CVE-2025-2304

NONE

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems

Опубликовано: 3/14/2025Обновлено: 3/14/2025

Описание

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.

ИИ-АнализНа базе ИИ

Ссылки

https://github.com/owen2345/camaleon-cms
https://www.tenable.com/security/research/tra-2025-09