VYPR
Critical severity · GHSA Advisory · Published Mar 14, 2025 · Updated Apr 15, 2026

CVE-2025-2304
Description

A privilege escalation through mass assignment exists in Camaleon CMS.

When a user wishes to change their password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which marks every submitted parameter as permitted, so all of them pass through to the model without any filtering.
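As an added illustration (not Camaleon CMS code and not the project's patch), the following Ruby stand-in for Rails strong parameters shows why permit! lets an attribute such as role ride along on a password-change request, while an explicit permit allowlist drops it. The Params and User classes and the request body are constructed for the example and run without Rails.

```ruby
# Minimal stand-in for ActionController::Parameters (assumption: mirrors only
# the permit!/permit distinction, nothing else from Rails).
class Params
  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
  end

  # permit! marks everything as permitted: every key reaches the model.
  def permit!
    @hash.dup
  end

  # permit(*keys) keeps only the allowlisted keys and drops the rest.
  def permit(*keys)
    @hash.slice(*keys.map(&:to_s))
  end
end

# Constructed user record; "role" must never be client-controlled.
class User
  attr_reader :attributes

  def initialize(attrs)
    @attributes = attrs
  end

  def update(attrs)
    @attributes = @attributes.merge(attrs)
  end

  def role
    @attributes["role"]
  end
end

# Constructed request body: a password change carrying an extra "role" key.
REQUEST = { "password" => "new-pass", "password_confirmation" => "new-pass",
            "role" => "admin" }.freeze

def build_user
  User.new("email" => "user@example.test", "role" => "client")
end

# Vulnerable pattern described in the advisory: permit! passes every key.
def update_vulnerable(params = Params.new(REQUEST))
  build_user.tap { |u| u.update(params.permit!) }
end

# Hardened pattern: only the password fields are allowlisted; role is dropped.
def update_hardened(params = Params.new(REQUEST))
  build_user.tap { |u| u.update(params.permit(:password, :password_confirmation)) }
end
```

Calling update_vulnerable.role returns "admin" while update_hardened.role stays "client"; the password fields are updated in both cases.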

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: camaleon_cms (RubyGems)
Affected versions: < 2.9.1
Patched versions: 2.9.1
